ID de Prueba:	1.3.6.1.4.1.25623.1.0.100155
Categoría:	Web application abuses
Título:	Dokeos <= 1.8.5 'user_portal.php' Local File Include Vulnerability
Resumen:	Dokeos is prone to a local file-include vulnerability because it fails to; properly sanitize user-supplied input.
Descripción:	Summary: Dokeos is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Vulnerability Impact: An attacker can exploit this vulnerability to view local files or execute arbitrary local scripts on the vulnerable computer in the context of the webserver process. Affected Software/OS: Dokeos 1.8.5 is vulnerable, other versions may also be affected. Please note that this issue affects only Dokeos running on Windows. Solution: The vendor has provided a workaround to mitigate this vulnerability. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3363 BugTraq ID: 30150 http://www.securityfocus.com/bid/30150 Bugtraq: 20080717 [DSECRG-08-029] Local File Include in Dokeos E-Learning System 1.8.5 (Google Search) http://www.securityfocus.com/archive/1/494496/100/0/threaded https://www.exploit-db.com/exploits/6149 http://secunia.com/advisories/30987 http://securityreason.com/securityalert/4056 http://www.vupen.com/english/advisories/2008/2208/references XForce ISS Database: dokeos-userportal-file-include(43865) https://exchange.xforce.ibmcloud.com/vulnerabilities/43865
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.