Back to CVE List

CVE-2018-25170

HIGH SEVERITY

CVSS Score & Metrics

Base Score
8.2 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Vulnerability Description

DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive database information.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-352
Source
NVD
Vendor
Spaghettilearning
Product
DoceboLMS

External References

Discussion (0)

Add Comment

No comments yet. Be the first!