Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DoceboLMS 1.2 SQL Injection via lesson.php
Vulnerability Description
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive database information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Docebo LMS 跨站请求伪造漏洞
Vulnerability Description
Docebo LMS是加拿大Docebo公司的一个学习管理系统。 DoceboLMS 1.2版本存在跨站请求伪造漏洞,该漏洞源于lesson.php中的id、idC和idU参数存在SQL注入,可能导致执行任意SQL查询并提取敏感数据库信息。
CVSS Information
N/A
Vulnerability Type
N/A