CVE-2008-7154

Docebo < 3.5.0.3 - Unauthenticated Sensitive Information Exposure via Direct Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7154. PoCs published by EgiX.

AI-analyzed exploit summary This exploit leverages a SQL injection vulnerability in Docebo's autoDetectRegion() function via the HTTP_ACCEPT_LANGUAGE header to inject PHP code into a file using INTO DUMPFILE, achieving remote command execution. It includes path disclosure and a reverse shell mechanism.

Description

Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by EgiX · phpwebappsphp

https://www.exploit-db.com/exploits/4879

View Code ZIP pw:eip

This exploit leverages a SQL injection vulnerability in Docebo's autoDetectRegion() function via the HTTP_ACCEPT_LANGUAGE header to inject PHP code into a file using INTO DUMPFILE, achieving remote command execution. It includes path disclosure and a reverse shell mechanism.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Docebo <= 3.5.0.3

No auth needed

Prerequisites: magic_quotes_gpc = off · FILE privilege in MySQL

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory x_refsource_misc

http://www.docebo.org/doceboCms/bugtracker/18_124/bugdetails/appid_24-bugid_198/bugtracker.html

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27211

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4879

Scores

EPSS 0.0254

EPSS Percentile 82.9%

Details

CWE

CWE-200

Status published

Products (5)

docebo/docebo 3.0.3

docebo/docebo 3.0.4

docebo/docebo 3.0.5

docebo/docebo 3.5_beta

docebo/docebo < 3.5.0.3

Published Sep 02, 2009

Tracked Since Feb 18, 2026