CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31361
https://notcve.org/view.php?id=CVE-2022-31361
22 Jun 2022 — Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer Se ha detectado que Docebo Community Edition versiones v4.0.5 y anteriores, contiene una vulnerabilidad de inyección SQL. NOTA: Esta vulnerabilidad sólo afecta a productos que ya no son soportados por el mantenedor • https://blog.formalms.org/about/blog/20-life-after-docebo-the-forma-project-begins.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31362
https://notcve.org/view.php?id=CVE-2022-31362
22 Jun 2022 — Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer Se ha detectado que Docebo Community Edition versiones v4.0.5 y anteriores, contiene una vulnerabilidad de carga de archivos arbitraria. NOTA: Esta vulnerabilidad sólo afecta a productos que ya no son soportados por el mantenedor • https://blog.formalms.org/about/blog/20-life-after-docebo-the-forma-project-begins.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2009-4742 – Docebo 3.6.0.3 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2009-4742
26 Mar 2010 — Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable through index.php; (2) the word parameter in a play keyw action to the link module, reachable through index.php; (3) the id_certificate parameter in an elemmetacertificate action to the meta_certificate module, reachable through index.php; or (4) the id_certificate parameter in an elemcertificate action to the certific... • https://www.exploit-db.com/exploits/10003 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •