CVE-2011-5135

Docebolms < 4.0.4 - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in the save_connection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the (1) coursereportuiconfig[name] or (2) coursereportuiconfig[description] parameters to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mr_me · phpwebappsphp

https://www.exploit-db.com/exploits/18224

View Code ZIP pw:eip

References (3)

[Exploit] http://www.exploit-db.com/exploits/18224

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/71720

[Various Sources] https://twitter.com/claudioerba73/status/143383179162685440

Scores

EPSS 0.0080

EPSS Percentile 74.2%

Details

CWE

CWE-89

Status published

Products (4)

docebo/docebolms 2.0.4

docebo/docebolms 2.0.5

docebo/docebolms 4.0

docebo/docebolms < 4.0.4

Published Aug 30, 2012

Tracked Since Feb 18, 2026