CVE-2008-7154

Name of the Vulnerable Software and Affected Versions Docebo versions 3.5.0.3 and earlier

Description The issue allows remote attackers to obtain sensitive information via direct requests to specific files, which reveals the installation path in an error message. The affected files include class/class.conf fw.php, class.module/class.event manager.php, lib/lib.domxml5.php, and menu/menu over.php in doceboCore/, as well as class/class.conf cms.php, lib/lib.compose.php, modules/chat/teleskill.php, and class/class.admin menu cms.php in doceboCms/.

Recommendations For Docebo versions 3.5.0.3 and earlier, consider restricting access to the specified files in doceboCore/ and doceboCms/ to minimize the risk of exploitation. Avoid using these files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.