Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-7153
Last Modified 02 Sep 2009 12:00:00
Published 02 Sep 2009 01:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7153

Summary

SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.

Vulnerable Systems

Application

  • Docebo 3.0.3

  • Docebo 3.0.4

  • Docebo 3.0.5

  • Docebo 3.5 Beta

  • Docebo 3.5.0.3


References

CONFIRM - http://www.docebo.org/doceboCms/bugtracker/18_124/bugdetails/appid_24-bugid_198/bugtracker.html

XF - docebo-libregset-sql-injection(39589)

BID - 27211

MILW0RM - 4891

MILW0RM - 4879

SECUNIA - 28378

OSVDB - 40138


Last Updated: 27 May 2016 10:49:29