Test ID:	1.3.6.1.4.1.25623.1.0.100155
Category:	Web application abuses
Title:	Dokeos <= 1.8.5 'user_portal.php' Local File Include Vulnerability
Summary:	Dokeos is prone to a local file-include vulnerability because it fails to; properly sanitize user-supplied input.
Description:	Summary: Dokeos is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Vulnerability Impact: An attacker can exploit this vulnerability to view local files or execute arbitrary local scripts on the vulnerable computer in the context of the webserver process. Affected Software/OS: Dokeos 1.8.5 is vulnerable, other versions may also be affected. Please note that this issue affects only Dokeos running on Windows. Solution: The vendor has provided a workaround to mitigate this vulnerability. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3363 BugTraq ID: 30150 http://www.securityfocus.com/bid/30150 Bugtraq: 20080717 [DSECRG-08-029] Local File Include in Dokeos E-Learning System 1.8.5 (Google Search) http://www.securityfocus.com/archive/1/494496/100/0/threaded https://www.exploit-db.com/exploits/6149 http://secunia.com/advisories/30987 http://securityreason.com/securityalert/4056 http://www.vupen.com/english/advisories/2008/2208/references XForce ISS Database: dokeos-userportal-file-include(43865) https://exchange.xforce.ibmcloud.com/vulnerabilities/43865
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.