docebo

Top products

The 13 most recently published vulnerabilities affecting docebo.

• CVE-2022-31361Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer9.8Jun 22, 2022
• CVE-2022-31362Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the mainta...8.8Jun 22, 2022
• CVE-2011-5135Multiple SQL injection vulnerabilities in the save_connection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teach...6.0Aug 30, 2012
• CVE-2011-3726DoceboLMS 4.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by views/dummy/...5.0Sep 23, 2011
• CVE-2009-4742Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable throu...7.5Mar 26, 2010
• CVE-2008-7154Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5...5.0Sep 2, 2009
• CVE-2008-7153SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-...7.5Sep 2, 2009
• CVE-2007-1240Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or ...4.3Mar 3, 2007
• CVE-2006-6963Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.d...7.5Jan 29, 2007
• CVE-2006-6957PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL i...6.8Jan 29, 2007
• CVE-2006-3107Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where...5.1Jun 21, 2006
• CVE-2006-2577Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2...5.1May 24, 2006
• CVE-2006-2576Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where...5.1May 24, 2006