CVE-2018-25170

HIGH

DoceboLMS 1.2 - Unauthenticated SQL Injection via lesson.php Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25170. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary The exploit demonstrates two vulnerabilities in DoceboLMS 1.2: SQL injection via the 'id', 'idC', and 'idU' parameters in 'lesson.php', and arbitrary file upload via 'insert_image.php'. The SQLi uses URL-encoded payloads, while the file upload bypasses restrictions to execute PHP code.

Description

DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive database information.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · textwebappsphp
https://www.exploit-db.com/exploits/45858

The exploit demonstrates two vulnerabilities in DoceboLMS 1.2: SQL injection via the 'id', 'idC', and 'idU' parameters in 'lesson.php', and arbitrary file upload via 'insert_image.php'. The SQLi uses URL-encoded payloads, while the file upload bypasses restrictions to execute PHP code.

Classification
Working Poc 95%
Attack Type
Sqli | Other
Complexity
Trivial
Reliability
Reliable
Target: DoceboLMS 1.2
Auth required
Prerequisites: valid session cookie (learning=...) · access to vulnerable endpoints
devstral-2 · analyzed Mar 06, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/45858

Scores

CVSS v3 8.2
EPSS 0.0013
EPSS Percentile 3.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-352
Status published
Published Mar 06, 2026
Tracked Since Mar 06, 2026