Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Dokeos 多个SQL注入漏洞
Vulnerability Description
Dokeos存在多个SQL注入漏洞。远程攻击者可以通过(1) whoisonline.PHP的id参数, (2) main/mySpace/index.PHP的tracking_list_coaches_column参数, (3)main/create_course/add_course.PHP的 tutor_name参数, (4) index.PHP的Referer HTTP标题, 以及 (5) main/admin/class_list.PHP的X-Fowarded-For HTTP标题来执行任意SQ
CVSS Information
N/A
Vulnerability Type
N/A