Summary
Dokeos is prone to multiple input-validation vulnerabilities, including SQL-injection, HTML-injection, cross-site scripting, and cross-site request-forgery issues.
Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, obtain sensitive information, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, perform certain unauthorized actions in the context of a user, access or modify data, or exploit latent vulnerabilities in the underlying database.
Dokeos 1.8.5 is affected
prior versions may also be affected.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-2004 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities