Summary
Dokeos is prone to multiple input-validation vulnerabilities, including SQL-injection, HTML-injection, cross-site scripting, and cross-site request-forgery issues.
Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, obtain sensitive information, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, perform certain unauthorized actions in the context of a user, access or modify data, or exploit latent vulnerabilities in the underlying database.
Dokeos 1.8.5 is affected; prior versions may also be affected.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-2004
- CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Related Vulnerabilities
- Apache Axis2 Document Type Declaration Processing Security Vulnerability
- Acidcat CMS Multiple Vulnerabilities
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
- AdaptBB Multiple Input Validation Vulnerabilities
- Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability