CVE-2006-2577

Name of the Vulnerable Software and Affected Versions Docebo versions 3.0.3 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in various parameters, including where cms, where lms, where upgrade, BBC LIB PATH, and BBC LANGUAGE PATH, when register globals is enabled.

Recommendations For Docebo versions 3.0.3 and earlier, disable the register globals setting to prevent exploitation. Additionally, restrict access to the parameters where cms, where lms, where upgrade, BBC LIB PATH, and BBC LANGUAGE PATH in various scripts until a fix is available.