CVE-2009-2008

Name of the Vulnerable Software and Affected Versions: Dokeos versions 1.8.5 and earlier

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the uInfo parameter to "main/tracking/userLog.php" and the course parameter to "main/mySpace/lp tracking.php".

Recommendations: For Dokeos versions 1.8.5 and earlier, consider restricting access to the main/tracking/userLog.php and main/mySpace/lp tracking.php endpoints until a fix is available. Avoid using the uInfo and course parameters in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.