PT-2006-3588 · Docebo · Docebolms

Beford · Published 2006-05-30 · Updated 2018-10-18 · CVE-2006-2668

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Docebo LMS version 2.05

Description

The issue allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter to specific API endpoints, including "modules/credits/business.php", "modules/credits/credits.php", or "modules/credits/help.php".

Recommendations

For Docebo LMS version 2.05, consider disabling access to the vulnerable API endpoints "modules/credits/business.php", "modules/credits/credits.php", and "modules/credits/help.php" until a patch is available. Restrict the use of the lang parameter in these endpoints to minimize the risk of exploitation.
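
One way to review web-server access logs for the request pattern described above, and to confirm the three endpoints stop receiving traffic once access is disabled. This is an added example, not part of the original advisory or Docebo's code; the combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints named in the advisory.
ENDPOINTS = (
    "modules/credits/business.php",
    "modules/credits/credits.php",
    "modules/credits/help.php",
)

# Assumption: Apache/nginx "combined" style request field.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A scheme prefix (http://, ftp://, ...) or a protocol-relative // marks a URL.
URL_VALUE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)

# Constructed sample lines (documentation addresses and host names only).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/May/2006:10:00:00 +0000] '
    '"GET /docebo/modules/credits/help.php?lang=english HTTP/1.1" 200 512',
    '192.0.2.44 - - [30/May/2006:10:00:05 +0000] '
    '"GET /docebo/modules/credits/business.php'
    '?lang=http%3A%2F%2Fhost.example%2Fa.txt HTTP/1.1" 200 90',
    '192.0.2.44 - - [30/May/2006:10:00:09 +0000] '
    '"GET /docebo/index.php?lang=http://host.example/a.txt HTTP/1.1" 200 90',
]


def classify(line):
    """Return 'url-in-lang', 'endpoint-hit', or None for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not target.path.lower().endswith(ENDPOINTS):
        return None  # not one of the endpoints the advisory lists
    # parse_qs percent-decodes values, so encoded URLs are matched as well.
    langs = parse_qs(target.query, keep_blank_values=True).get("lang", [])
    if any(URL_VALUE_RE.match(v) for v in langs):
        return "url-in-lang"
    return "endpoint-hit"  # still reachable; should stop once access is disabled


def scan(lines):
    """Return (line_number, verdict) for every line that needs review."""
    hits = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, verdict) for n, verdict in hits if verdict]
```

Only query-string parameters appear in access logs, so a lang value sent in a POST body shows up here as a plain `endpoint-hit`.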

Exploit

Fix


Related Identifiers

CVE-2006-2668

Affected Products

Docebolms