CVE-2022-31361

Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Configurations

Configuration 1 (hide)

cpe:2.3:a:docebo:docebo:*:*:*:*:community:*:*:*

History

07 Nov 2023, 03:47

Type Values Removed Values Added
Summary ** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

30 Jun 2022, 18:30

Type Values Removed Values Added
CPE cpe:2.3:a:docebo:docebo:*:*:*:*:community:*:*:*
First Time Docebo
Docebo docebo
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CWE CWE-89
References (MISC) https://blog.formalms.org/about/blog/20-life-after-docebo-the-forma-project-begins.html - (MISC) https://blog.formalms.org/about/blog/20-life-after-docebo-the-forma-project-begins.html - Third Party Advisory
References (MISC) https://www.swascan.com/security-advisory-docebo-community-edition/ - (MISC) https://www.swascan.com/security-advisory-docebo-community-edition/ - Exploit, Mitigation, Third Party Advisory

23 Jun 2022, 17:19

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-23 17:15

Updated : 2024-03-21 02:43


NVD link : CVE-2022-31361

Mitre link : CVE-2022-31361

CVE.ORG link : CVE-2022-31361


JSON object : View

Products Affected

docebo

  • docebo
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')