CVE-2018-25170
SQL Injection in DoceboLMS 1.2 Allows Data Extraction
Publication date: 2026-03-06
Last updated on: 2026-03-06
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| docebo | docebolms | 1.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an SQL injection flaw in DoceboLMS version 1.2. It allows unauthenticated attackers to inject malicious SQL code through the GET parameters id, idC, and idU in the lesson.php script. By sending specially crafted HTTP GET requests with SQL payloads, attackers can manipulate database queries.
This manipulation can lead to unauthorized access to sensitive database information, as the injected SQL commands can alter the intended query logic.
How can this vulnerability impact me?
The impact of this vulnerability includes unauthorized disclosure of sensitive data stored in the database, as attackers can extract information by exploiting the SQL injection.
Because the vulnerability requires no authentication and has a low attack complexity, it can be exploited remotely by anyone, potentially leading to data breaches.
Additionally, the vulnerability could be a stepping stone for further attacks, such as database manipulation or system compromise, especially when combined with other vulnerabilities like arbitrary file upload.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This SQL injection vulnerability can be detected by sending crafted HTTP GET requests to the vulnerable endpoint and observing the responses for signs of SQL injection.
Specifically, you can test the lesson.php script located at /modules/progcourse/lesson.php by injecting SQL payloads into the GET parameters id, idC, and idU.
For example, using curl to send a request with a SQL injection payload:
- curl "http://target/modules/progcourse/lesson.php?id=1' OR '1'='1& idC=1& idU=1"
If the response contains unexpected data or error messages indicating SQL syntax issues, it may confirm the presence of the vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable lesson.php endpoint and validating or sanitizing all input parameters (id, idC, idU) to prevent SQL injection.
Additionally, consider applying web application firewall (WAF) rules to block malicious SQL injection payloads targeting these parameters.
If possible, update or patch the DoceboLMS installation to a version that addresses this vulnerability.
As a temporary measure, monitor and restrict HTTP GET requests to the /modules/progcourse/lesson.php endpoint to prevent exploitation.
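A log check for the monitoring step above, as an added example that is not part of the original page or of DoceboLMS: it flags requests to lesson.php whose id, idC or idU values are not plain integers. The integer-only rule and the combined access-log format are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/modules/progcourse/lesson.php"  # path named on this page
PARAMS = ("id", "idC", "idU")                # parameters named on this page
NUMERIC = re.compile(r"[0-9]{1,10}")         # assumption: values are integer IDs
# Assumed combined-format access log: client first, quoted request, then status.
REQUEST = re.compile(r'^(\S+) .*?"GET (.+?) HTTP/[\d.]+" (\d{3})')

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '192.0.2.10 - - [06/Mar/2026:10:00:01 +0000] '
    '"GET /modules/progcourse/lesson.php?id=4&idC=2&idU=17 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/Mar/2026:10:00:05 +0000] "GET /modules/progcourse/'
    'lesson.php?id=1%27%20OR%20%271%27%3D%271&idC=1&idU=1 HTTP/1.1" 200 48211',
    '198.51.100.7 - - [06/Mar/2026:10:00:09 +0000] '
    '"GET /modules/progcourse/lesson.php?id=1&idC=1&idU= HTTP/1.1" 500 312',
    '192.0.2.10 - - [06/Mar/2026:10:00:12 +0000] '
    '"GET /index.php?id=abc HTTP/1.1" 200 900',
]


def suspicious_params(target):
    """Return the watched parameters whose decoded values are not integers."""
    parts = urlsplit(target)
    # Decode the path so an encoded spelling of lesson.php is still matched.
    if not unquote(parts.path).endswith(ENDPOINT):
        return []
    # parse_qs percent-decodes values; blank values are kept and flagged too.
    query = parse_qs(parts.query, keep_blank_values=True)
    return [p for p in PARAMS
            if any(not NUMERIC.fullmatch(v) for v in query.get(p, []))]


def scan(lines):
    """Return (client, status, bad_params) for every flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        bad = suspicious_params(target)
        if bad:
            hits.append((client, int(status), bad))
    return hits


if __name__ == "__main__":
    for client, status, bad in scan(SAMPLE_LOG):
        print(f"{client} status={status} non-numeric: {', '.join(bad)}")
```

The same integer-only rule can serve as the allow-list for a WAF rule or for input validation in front of the endpoint, if the application really only uses integer IDs there.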