CVE-2007-2889

Dokeos <1.6.5 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Silentz · perlwebappsphp

https://www.exploit-db.com/exploits/3980

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34483

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3980

[Third Party Advisory, VDB Entry] http://osvdb.org/38061

[Exploit] http://www.securityfocus.com/bid/24136

Scores

EPSS 0.0043

EPSS Percentile 62.6%

Details

Status published

Products (9)

dokeos/open_source_learning_and_knowledge_management_tool 1.4

dokeos/open_source_learning_and_knowledge_management_tool 1.5

dokeos/open_source_learning_and_knowledge_management_tool 1.5.3

dokeos/open_source_learning_and_knowledge_management_tool 1.5.4

dokeos/open_source_learning_and_knowledge_management_tool 1.5.5

dokeos/open_source_learning_and_knowledge_management_tool 1.6.4

dokeos/open_source_learning_and_knowledge_management_tool 1.6.4_p1

dokeos/open_source_learning_and_knowledge_management_tool 1.6.5

dokeos/open_source_learning_and_knowledge_management_tool 1.6_rc2

Published May 30, 2007

Tracked Since Feb 18, 2026