CVE-2006-2576

Name of the Vulnerable Software and Affected Versions Docebo versions 3.0.3 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL when register globals is enabled. This is achieved by exploiting remote file inclusion vulnerabilities in various PHP files, including lib.simplesel.php, lib.filelist.php, tree.documents.php, lib.repo.php, lib.php, and lib.teleskill.php, by manipulating GLOBALS[where framework] and GLOBALS[where scs].

Recommendations For Docebo versions 3.0.3 and earlier, consider disabling the register globals setting to prevent exploitation until a patch is available. As a temporary workaround, restrict access to the vulnerable PHP files, including lib.simplesel.php, lib.filelist.php, tree.documents.php, lib.repo.php, lib.php, and lib.teleskill.php, to minimize the risk of exploitation.