source: https://www.securityfocus.com/bid/27792/info
Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue.
Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions prior to Dokeos 1.8.4 SP2 are affected.
http://www.example.com/[installdir]/whoisonline.php?id=1'+and+"dsec"="dsecrg"+union+select+user(),version()/*
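
Added example (not part of the original advisory and not Dokeos code): a log check that flags requests to whoisonline.php whose id parameter is not a plain integer, as in the request above. The numeric-id rule, the /dokeos/ install path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate whoisonline.php "id" is a plain decimal user id.
VALID_ID = re.compile(r"\d{1,10}")
# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL syntax markers, used only to annotate a finding, not to decide it.
SQL_HINTS = re.compile(r"(?i)\bunion\b.+\bselect\b|/\*|--|['\"]")

# Constructed sample log lines (addresses, times and /dokeos/ path are made up).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Mar/2008:10:00:01 +0000] "GET /dokeos/whoisonline.php?id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Mar/2008:10:00:07 +0000] "GET /dokeos/whoisonline.php?id=1%27+and+%22dsec%22=%22dsecrg%22+union+select+user(),version()/* HTTP/1.1" 200 812',
    '203.0.113.9 - - [01/Mar/2008:10:00:09 +0000] "GET /dokeos/whoisonline.php?id=abc HTTP/1.1" 200 640',
    '203.0.113.5 - - [01/Mar/2008:10:00:12 +0000] "GET /dokeos/index.php?id=abc HTTP/1.1" 200 2048',
]

def check_line(line):
    """Return a finding for a whoisonline.php request with a non-numeric id, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not target.path.lower().endswith("/whoisonline.php"):
        return None
    # parse_qs decodes %xx and '+', so encoded payloads are checked in clear text.
    params = parse_qs(target.query, keep_blank_values=True)
    bad = [v for v in params.get("id", []) if not VALID_ID.fullmatch(v)]
    if not bad:
        return None
    return {
        "client": line.split(" ", 1)[0],
        "path": target.path,
        "id": bad[0],
        "sql_markers": bool(SQL_HINTS.search(bad[0])),
    }

def scan(lines):
    """Run check_line over every log line and keep only the findings."""
    return [f for f in map(check_line, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The allow-list decides the finding; the SQL marker flag only helps triage, so an encoded or unusual payload is still reported even when no marker matches.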