CVE-2011-5135

Name of the Vulnerable Software and Affected Versions DoceboLMS versions 4.0.4 and earlier

Description The issue concerns SQL injection vulnerabilities in the save connection function within the iotask module of DoceboLMS. These vulnerabilities allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands. This can be achieved by manipulating the coursereportuiconfig[name] or coursereportuiconfig[description] parameters in the index.php API endpoint.

Recommendations For DoceboLMS versions 4.0.4 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.