Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in the save_connection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the (1) coursereportuiconfig[name] or (2) coursereportuiconfig[description] parameters to index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
DoceboLMS iotask模块多个SQL注入漏洞
Vulnerability Description
DoceboLMS 4.0.4版本和早期版本中的iotask模块中的lib/lib.iotask.php中的‘save_connection’函数中存在多个SQL注入漏洞。远程认证用户可利用这些漏洞以管理者或教师特权通过传送到index.php脚本中的(1)coursereportuiconfig[name]或(2)coursereportuiconfig[description]参数,执行任意SQL命令。
CVSS Information
N/A
Vulnerability Type
N/A