CVE-2018-25170
Received Received - Intake
SQL Injection in DoceboLMS 1.2 Allows Data Extraction

Publication date: 2026-03-06

Last updated on: 2026-03-06

Assigner: VulnCheck

Description
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive database information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-06
Last Modified
2026-03-06
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-14
NVD
CVE-2018-25170
EUVD
EUVD-2018-21625
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
docebo docebolms 1.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an SQL injection flaw in DoceboLMS version 1.2. It allows unauthenticated attackers to inject malicious SQL code through the GET parameters id, idC, and idU in the lesson.php script. By sending specially crafted HTTP GET requests with SQL payloads, attackers can manipulate database queries.

This manipulation can lead to unauthorized access to sensitive database information, as the injected SQL commands can alter the intended query logic.

Impact Analysis

The impact of this vulnerability includes unauthorized disclosure of sensitive data stored in the database, as attackers can extract information by exploiting the SQL injection.

Because the vulnerability requires no authentication and has a low attack complexity, it can be exploited remotely by anyone, potentially leading to data breaches.

Additionally, the vulnerability could be a stepping stone for further attacks, such as database manipulation or system compromise, especially when combined with other vulnerabilities like arbitrary file upload.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This SQL injection vulnerability can be detected by sending crafted HTTP GET requests to the vulnerable endpoint and observing the responses for signs of SQL injection.'}, {'type': 'paragraph', 'content': 'Specifically, you can test the lesson.php script located at /modules/progcourse/lesson.php by injecting SQL payloads into the GET parameters id, idC, and idU.'}, {'type': 'paragraph', 'content': 'For example, using curl to send a request with a SQL injection payload:'}, {'type': 'list_item', 'content': 'curl "http://target/modules/progcourse/lesson.php?id=1\' OR \'1\'=\'1& idC=1& idU=1"'}, {'type': 'paragraph', 'content': 'If the response contains unexpected data or error messages indicating SQL syntax issues, it may confirm the presence of the vulnerability.'}] [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable lesson.php endpoint and validating or sanitizing all input parameters (id, idC, idU) to prevent SQL injection.

Additionally, consider applying web application firewall (WAF) rules to block malicious SQL injection payloads targeting these parameters.

If possible, update or patch the DoceboLMS installation to a version that addresses this vulnerability.

As a temporary measure, monitor and restrict HTTP GET requests to the /modules/progcourse/lesson.php endpoint to prevent exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25170. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart