
CVE-2022-31361
https://notcve.org/view.php?id=CVE-2022-31361
22 Jun 2022 — Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://blog.formalms.org/about/blog/20-life-after-docebo-the-forma-project-begins.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-31362
https://notcve.org/view.php?id=CVE-2022-31362
22 Jun 2022 — Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://blog.formalms.org/about/blog/20-life-after-docebo-the-forma-project-begins.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2009-4742 – Docebo 3.6.0.3 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2009-4742
26 Mar 2010 — Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable through index.php; (2) the word parameter in a play keyw action to the link module, reachable through index.php; (3) the id_certificate parameter in an elemmetacertificate action to the meta_certificate module, reachable through index.php; or (4) the id_certificate parameter in an elemcertificate action to the certific... • https://www.exploit-db.com/exploits/10003 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2008-7153 – Docebo 3.5.0.3 - '/lib.regset.php/non-blind' SQL Injection
https://notcve.org/view.php?id=CVE-2008-7153
02 Sep 2009 — SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command. • https://www.exploit-db.com/exploits/4891 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2008-7154 – Docebo 3.5.0.3 - 'lib.regset.php' Command Execution
https://notcve.org/view.php?id=CVE-2008-7154
02 Sep 2009 — Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message. • https://www.exploit-db.com/exploits/4879 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2007-1240 – Docebo CMS 3.0.x - '/modules/htmlframechat/index.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-1240
03 Mar 2007 — Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/29662 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2006-6957
https://notcve.org/view.php?id=CVE-2006-6957
29 Jan 2007 — PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_framework] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576 and CVE-2006-3107, but the vectors are different. • http://archives.neohapsis.com/archives/bugtraq/2006-06/0109.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2006-6963
https://notcve.org/view.php?id=CVE-2006-6963
29 Jan 2007 — Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php. NOTE: this issue may overlap CVE-2006-2577. • http://archives.neohapsis.com/archives/bugtraq/2006-06/0116.html •

CVE-2006-3107
https://notcve.org/view.php?id=CVE-2006-3107
21 Jun 2006 — Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php and (b) admin/modules/content/content_class.php, and (2) GLOBALS[where_cms] to (c) admin/modules/block_media/util.media.php. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576, but the vectors are di... • http://securitytracker.com/id?1016259 •

CVE-2006-2576 – Docebo 3.0.3 - Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2006-2576
24 May 2006 — Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) lib.simplesel.php, (b) lib.filelist.php, (c) tree.documents.php, (d) lib.repo.php, and (e) lib.php, and (2) GLOBALS[where_scs] to (f) lib.teleskill.php. NOTE: this issue might be resultant from a global overwrite vulnerability. • https://www.exploit-db.com/exploits/1817 •