Sql injection

2012-08-3022:55:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.1%

JSON

Multiple SQL injection vulnerabilities in the save_connection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the (1) coursereportuiconfig[name] or (2) coursereportuiconfig[description] parameters to index.php.

CPENameOperatorVersion
docebolmseq2.0.5
docebolmseq4.0
docebolmsle4.0.4
docebolmseq2.0.4

Name	Operator	Version
docebolms	eq	2.0.5
docebolms	eq	4.0
docebolms	le	4.0.4
docebolms	eq	2.0.4

References

exchange.xforce.ibmcloud.com/vulnerabilities/71720

twitter.com/claudioerba73/status/143383179162685440

www.exploit-db.com/exploits/18224