CVE-2008-0850

CVSS V2 High 7.5 CVSS V3 None
Description
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php.
Overview
  • CVE ID
  • CVE-2008-0850
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2008-02-21T00:44:00
  • Last Modified Date
  • 2018-10-15T22:03:16
Weakness Enumerations
CWE URL
CWE-89 http://cwe.mitre.org/data/definitions/89.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:dokeos:dokeos:1.8.4:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 7.5
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
http://projects.dokeos.com/index.php?do=details&task_id=2218
http://secunia.com/advisories/28974 Vendor Advisory
http://www.securityfocus.com/bid/27792
http://www.securitytracker.com/id?1019425
http://securityreason.com/securityalert/3687
http://www.vupen.com/english/advisories/2008/0587
http://www.securityfocus.com/archive/1/488314/100/0/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2008-0850
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0850
History
Created Old Value New Value Data Type Notes
2022-05-10 18:18:18 Added to TrackCVE