CVE-2008-0850 - Vulnerability Details - OpenCVE

Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dokeos	Dokeos

Configuration 1 [-]

cpe:2.3:a:dokeos:dokeos:1.8.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://projects.dokeos.com/index.php?do=details&task_id=2218
http://secunia.com/advisories/28974
http://securityreason.com/securityalert/3687
http://www.securityfocus.com/archive/1/488314/100/0/threaded
http://www.securityfocus.com/bid/27792
http://www.securitytracker.com/id?1019425
http://www.vupen.com/english/advisories/2008/0587

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-02-21T00:00:00

Updated: 2024-08-07T08:01:39.677Z

Reserved: 2008-02-20T00:00:00

Link: CVE-2008-0850

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-02-21T00:44:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-0850

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-02T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "27792", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27792"}, {"name": "3687", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3687"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://projects.dokeos.com/index.php?do=details&task_id=2218"}, {"name": "20080219 [DSECRG-08-015] Multiple Security Vulnerabilities in Dokeos 1.8.4", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/488314/100/0/threaded"}, {"name": "1019425", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019425"}, {"name": "28974", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28974"}, {"name": "ADV-2008-0587", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0587"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0850", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "27792", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27792"}, {"name": "3687", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3687"}, {"name": "http://projects.dokeos.com/index.php?do=details&task_id=2218", "refsource": "CONFIRM", "url": "http://projects.dokeos.com/index.php?do=details&task_id=2218"}, {"name": "20080219 [DSECRG-08-015] Multiple Security Vulnerabilities in Dokeos 1.8.4", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/488314/100/0/threaded"}, {"name": "1019425", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019425"}, {"name": "28974", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28974"}, {"name": "ADV-2008-0587", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0587"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:01:39.677Z"}, "title": "CVE Program Container", "references": [{"name": "27792", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27792"}, {"name": "3687", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3687"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://projects.dokeos.com/index.php?do=details&task_id=2218"}, {"name": "20080219 [DSECRG-08-015] Multiple Security Vulnerabilities in Dokeos 1.8.4", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/488314/100/0/threaded"}, {"name": "1019425", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019425"}, {"name": "28974", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28974"}, {"name": "ADV-2008-0587", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0587"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0850", "datePublished": "2008-02-21T00:00:00", "dateReserved": "2008-02-20T00:00:00", "dateUpdated": "2024-08-07T08:01:39.677Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dokeos:dokeos:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "644AA10C-A929-4844-8A7A-B4C14FA88744", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de Inyecci\u00f3n SQL en Dokeos 1.8.4, permite a atacantes remotos ejecutar secuencias de comandos SQL de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) id de whoisonline.php, (2)tracking_list_coaches_column de main/mySpace/index.php, (3)tutor_name del main/create_course/add_course.php, (4) Referer HTTP header de index.php y (5)X-Fowarded-For HTTP header de main/admin/class_list.php"}], "id": "CVE-2008-0850", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-02-21T00:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://projects.dokeos.com/index.php?do=details&task_id=2218"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28974"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3687"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/488314/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27792"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019425"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0587"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://projects.dokeos.com/index.php?do=details&task_id=2218"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28974"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3687"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/488314/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27792"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019425"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0587"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}