CVE-2013-6341

Dokeos < 2.2 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.

Exploits (1)

exploitdb WRITEUP

by High-Tech Bridge SA · textwebappsphp

https://www.exploit-db.com/exploits/30013

View Code ZIP pw:eip

References (5)

Core 5

Core References

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2013-11/0140.html

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/30013

Exploit x_refsource_misc

https://www.htbridge.com/advisory/HTB23181

Exploit x_refsource_misc

http://packetstormsecurity.com/files/124201

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/89265

Scores

EPSS 0.0092

EPSS Percentile 76.1%

Details

CWE

CWE-89

Status published

Products (3)

dokeos/dokeos 2.0

dokeos/dokeos 2.1 rc1

dokeos/dokeos < 2.2

Published Dec 05, 2013

Tracked Since Feb 18, 2026