DoceboLMS 4.0.4 multiple security vulnerabilities

DoceboLMS 4.0.4 contains a reflected Cross-Site Scripting (XSS) vulnerability which may allow an attacker to take control of the software. There are also numerous Full Path Disclosure vulnerabilities. Previous versions may also be affected.

Software

Software Link: DoceboLMS 4.0.4

Vulnerable Version: 4.0.4 (previous versions may also be affected)

Vendor Notification:

# 2011-03-20 # Notified vendor: webmaster@docebo.org, support@docebo.org

# 2011-03-27 # No reply. Advisory released.

Vulnerabilities

# Reflected Cross-Site Scripting (XSS) # <= 4.0.4 # Unpatched

The "clean_input_keys($str)" function in "/lib/lib.filterinput.php" fails to properly sanitize user-supplied data in the array index before presenting it in the "Disallowed key characters in global data" message. Ironically, that message is triggered by the presence of the XSS payload itself: the filter correctly rejects the key, then reflects it unencoded in the error output.
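The flaw pattern described above and its fix, as an added illustration. This is not DoceboLMS source code: the function names, the key whitelist pattern, the message layout and the sample keys are assumptions constructed for this example.

```php
<?php
// Added illustration; not DoceboLMS source. The whitelist pattern, function
// names and message layout are assumptions made for this example.

const KEY_PATTERN = '/^[a-z0-9:_\/-]+$/i';   // assumed key whitelist

// Flawed pattern: the rejected key is copied into the error message
// without output encoding, so markup in the key reaches the page as-is.
function reject_message_unsafe(string $key): ?string
{
    if (preg_match(KEY_PATTERN, $key)) {
        return null;                         // key accepted, no message
    }
    return 'Disallowed key characters in global data: ' . $key;
}

// Hardened form: truncate the key and encode it for the HTML context
// before it is written into the message. Not echoing the key at all
// (and logging it server-side instead) is the stricter option.
function reject_message_safe(string $key): ?string
{
    if (preg_match(KEY_PATTERN, $key)) {
        return null;
    }
    $shown = htmlspecialchars(
        substr($key, 0, 64),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return 'Disallowed key characters in global data: ' . $shown;
}

// Constructed sample keys, standing in for array indexes of request data.
$samples = ['modname', 'op', 'id<b>x</b>', 'name"quoted"'];

foreach ($samples as $key) {
    printf(
        "key=%s\n  unsafe: %s\n  safe:   %s\n",
        var_export($key, true),
        var_export(reject_message_unsafe($key), true),
        var_export(reject_message_safe($key), true)
    );
}
```

For the two rejected keys, the unsafe message carries the raw `<`, `>` and `"` characters into the response, while the safe message carries their HTML entities.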

The following proof of concept is available:

# Information Disclosure # Full Path Disclosure # <= 4.0.4 # Unpatched

The following proof of concept is available:

Reference

# OWASP: Cross-Site Scripting

# OWASP: Full Path Disclosure
