Dokeos 'user_portal.php' Local File Include Vulnerability

Summary
Dokeos is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view local files or execute arbitrary local scripts on the vulnerable computer in the context of the webserver process. Please note that this issue affects only Dokeos running on Windows. Dokeos 1.8.5 is vulnerable other versions may also be affected.
References