MidnightBSD

Advisories for dokeos

CVE-2005-2598 MEDIUM

Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary files via the move_to and move_file parameters to claroline/document/document.php, or determine the existence of arbitrary files via the file parameter to (3) claroline/scorm/showinframes.php or (4) claroline/scorm/contents.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dokeos dokeos *
CVE-2006-2284 MEDIUM

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claro_CasLibPath parameter in casProcess.inc.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dokeos dokeos 1.5.4
dokeos dokeos 1.5.3
dokeos dokeos 1.5.5
claroline claroline 1.5
dokeos dokeos 1.6.4
claroline claroline 1.6_rc1
claroline claroline 1.7.4
claroline claroline 1.7.2
claroline claroline 1.6
claroline claroline 1.7.5
dokeos dokeos 1.5
dokeos dokeos 1.6_rc2
claroline claroline 1.5.4
dokeos dokeos 1.4
claroline claroline 1.5.3
claroline claroline 1.6_beta
CVE-2006-2285 MEDIUM

PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dokeos open_source_learning_and_knowledge_management_tool 1.4
dokeos open_source_learning_and_knowledge_management_tool 1.6.4
dokeos open_source_learning_and_knowledge_management_tool 1.5
dokeos open_source_learning_and_knowledge_management_tool 1.5.3
dokeos open_source_learning_and_knowledge_management_tool 1.6_rc2
dokeos open_source_learning_and_knowledge_management_tool 1.5.4
dokeos open_source_learning_and_knowledge_management_tool 1.5.5
CVE-2006-2286 MEDIUM

Multiple PHP remote file inclusion vulnerabilities in claro_init_global.inc.php in Dokeos 1.6.3 and earlier, and Dokeos community release 2.0.3, allow remote attackers to execute arbitrary PHP code via a URL in the (1) rootSys and (2) clarolineRepositorySys parameters, and possibly the (3) lang_path, (4) extAuthSource, (5) thisAuthSource, (6) main_configuration_file_path, (7) phpDigIncCn, and (8) drs parameters to (a) testheaderpage.php and (b) resourcelinker.inc.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
dokeos dokeos_community_release 2.0.3
dokeos dokeos *
CVE-2012-5776 LOW

Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dokeos dokeos 2.1.1
CVE-2013-6341 HIGH

SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
dokeos dokeos *
dokeos dokeos 2.0
dokeos dokeos 2.1