Dokeos Multiple Directory Traversal Vulnerabilities

Dokeos is prone to multiple directory traversal vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

The problems present themselves when an attacker passes a name for a target file, along with directory traversal sequences, to the affected application through any of the affected parameters.

An attacker may leverage these issues to delete or move arbitrary files on an affected computer. Exploitation of this vulnerability could lead to a loss of integrity and possibly loss of availability.

To exploit these vulnerabilities an attacker must have successfully authenticated to the vulnerable application with course administration privileges (e.g. teachers).


 

Privacy Statement
Copyright 2010, SecurityFocus