MidnightBSD

Advisories for docebolms

CVE-2005-4094 HIGH

connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains PHP script.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
docebolms docebolms 2.0.4
CVE-2005-4095 MEDIUM

Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
docebolms docebolms 2.0.4
CVE-2006-2668 HIGH

Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
docebolms docebolms 2.0.5