CVE-2013-6341

Dokeos < 2.2 - SQL Injection via Language Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6341. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary This advisory describes a SQL injection vulnerability in Dokeos 2.2 RC2 via the 'language' HTTP GET parameter in '/index.php'. The provided example demonstrates how an attacker can extract MySQL version information using a UNION-based SQL injection.

Description

SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.

Exploits (1)

exploitdb WRITEUP

by High-Tech Bridge SA · textwebappsphp

https://www.exploit-db.com/exploits/30013

View Code ZIP pw:eip

This advisory describes a SQL injection vulnerability in Dokeos 2.2 RC2 via the 'language' HTTP GET parameter in '/index.php'. The provided example demonstrates how an attacker can extract MySQL version information using a UNION-based SQL injection.

Classification

Writeup 100%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Dokeos 2.2 RC2 and prior

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2013-11/0140.html

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/30013

Exploit x_refsource_misc

https://www.htbridge.com/advisory/HTB23181

Exploit x_refsource_misc

http://packetstormsecurity.com/files/124201

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/89265

Scores

EPSS 0.0228

EPSS Percentile 80.8%

Details

CWE

CWE-89

Status published

Products (3)

dokeos/dokeos 2.0

dokeos/dokeos 2.1 rc1

dokeos/dokeos < 2.2

Published Dec 05, 2013

Tracked Since Feb 18, 2026