|
Description
|
|
Multiple vulnerabilities have been identified in Dokeos, which could be exploited by remote attackers to bypass security restrictions, disclose sensitive information, or inject arbitrary SQL queries and scripting code.
The first issue is caused by input validation errors in the "main/mySpace/myStudents.php" script when processing the "student" and "course" parameters, which could be exploited to conduct SQL injection or cross site scripting attacks.
The second vulnerability is caused by input validation errors in the "main/auth/courses.php", "main/document/slideshow.php" and "main/exercice/testheaderpage.php" scripts when processing the "search_term", "curdirpath" and "file" paremeters, which could be exploited to conduct cross site scripting attacks.
The third issue is caused by an input validation error when processing the "frm_title" and "frm_content" parameters while adding a new personal agenda item, which could be exploited to conduct script insertion attacks.
The fourth vulnerability is caused by an input validation error when processing the "title" and "tutor_name" parameters while adding a new course, which could be exploited to conduct script insertion attacks.
The fifth issue is caused due to input validation errors when processing HTTP requests, which could be exploited to bypass security restrictions and manipulate certain data (e.g. add new personal agenda items) via cross site forgery attacks.
The sixth vulnerability is caused by input validation errors in the "main/exercice/Hpdownload.php" and "main/exercice/hotspot_lang_conversion.php" scripts when processing the "doc_url" and "lang" parameters, which could allow directory traversal attacks.
The seventh issue is caused by input validation errors in the "main/tracking/userLog.php" and "main/mySpace/lp_tracking.php" scripts when processing the "uInfo" and "course" parameters, which could be exploited to conduct SQL injection attacks.
|
