CVE-2018-25170

HIGH

DoceboLMS 1.2 - SQL Injection

Title source: llm

Description

DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive database information.

Exploits (1)

exploitdb WORKING POC

by Ihsan Sencan · textwebappsphp

https://www.exploit-db.com/exploits/45858

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/45858

[Third Party Advisory] https://www.vulncheck.com/advisories/docebolms-sql-injection-via-lessonphp

Scores

CVSS v3 8.2

EPSS 0.0002

EPSS Percentile 5.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Classification

CWE

CWE-352

Status draft

Timeline

Published Mar 06, 2026

Tracked Since Mar 06, 2026