PT-2009-2622 · Docebo · Docebo

Egix · Published 2009-09-02 · Updated 2017-09-29 · CVE-2008-7153

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Docebo versions 3.5.0.3 and earlier

Description: A SQL injection vulnerability exists in the autoDetectRegion function in doceboCore/lib/lib.regset.php. Remote attackers can execute arbitrary SQL commands via the Accept-Language HTTP header, and this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.

Recommendations: For Docebo versions 3.5.0.3 and earlier, update to a version that fixes this issue to prevent SQL injection attacks. Until a patch is applied, consider restricting access to the autoDetectRegion function as a temporary workaround, and do not let the Accept-Language HTTP header reach database queries without validation.
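The following is an added example, not Docebo's code: it shows how a region lookup driven by Accept-Language can be written so that header text can never alter the query, which is the defect described above. The parser accepts only well-formed language tags, the lookup binds the tag as a parameter, and the table `core_lang(code, region)` and the function names are assumptions constructed for the demo.

```python
import re
import sqlite3

# Strict syntax for one language tag: a language subtag plus optional subtags.
_TAG_RE = re.compile(r"^[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*$")


def parse_accept_language(header):
    """Return syntactically valid language tags, highest q-value first."""
    candidates = []
    for position, part in enumerate(header.split(",")):
        fields = part.strip().split(";")
        tag = fields[0].strip()
        if not _TAG_RE.match(tag):
            continue  # quotes, spaces, SQL keywords: dropped before any query
        q = 1.0
        for param in fields[1:]:
            name, _, value = param.strip().partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value.strip())
                except ValueError:
                    q = 0.0
        if q > 0:
            candidates.append((-q, position, tag.lower()))
    return [tag for _, _, tag in sorted(candidates)]


def auto_detect_region(conn, header):
    """Map the client's preferred language to a region using a bound parameter."""
    for tag in parse_accept_language(header):
        # Try the full tag, then its primary subtag ("en-us" -> "en").
        for code in dict.fromkeys([tag, tag.split("-")[0]]):
            # The code is passed as data through a placeholder, never spliced into SQL.
            row = conn.execute(
                "SELECT region FROM core_lang WHERE code = ?", (code,)
            ).fetchone()
            if row:
                return row[0]
    return "default"


def build_demo_db():
    """Constructed in-memory table standing in for the application's language table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE core_lang (code TEXT PRIMARY KEY, region TEXT)")
    conn.executemany("INSERT INTO core_lang VALUES (?, ?)",
                     [("en", "us"), ("it", "it"), ("pt-br", "br")])
    return conn
```

A header whose entries are not valid tags yields no candidates at all, so the lookup falls back to the default region instead of passing the raw string anywhere.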

Exploit

Fix

RCE

SQL injection


Weakness Enumeration

Related identifiers

CVE-2008-7153

Affected products

Docebo