Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable through index.php; (2) the word parameter in a play keyw action to the link module, reachable through index.php; (3) the id_certificate parameter in an elemmetacertificate action to the meta_certificate module, reachable through index.php; or (4) the id_certificate parameter in an elemcertificate action to the certificate module, reachable through index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Docebo 多个SQL注入漏洞
Vulnerability Description
Docebo是一款基于Web的内容管理系统。 Docebo存在多个SQL注入漏洞。远程攻击者可以借助多个参数,执行任意的SQL命令。这些参数包含:(1)模块faq的play help功能中word参数;(2)模块link的play keyw功能中word参数;(2)模块meta_certificate的elemmetacertificate功能中的id_certificate参数;(4)模块certificate的elemcertificate功能中的id_certificate参数。
CVSS Information
N/A
Vulnerability Type
N/A