{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Dokeos versions 1.6.4 et ant\u00e9rieures ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Dokeos community versions 2.0.3 et ant\u00e9rieures.","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nDokeos est un outil permettant de r\u00e9aliser des cours en ligne.\n\nUne vuln\u00e9rabilit\u00e9 de type injection de commandes SQL a \u00e9t\u00e9 d\u00e9couverte\ndans Dokeos.\n\n## Solution\n\nLa version 2.0.4 de Dokeos community corrige le probl\u00e8me. Il existe un\ncorrectif pour les versions 1.6.x mais celui-ci n'a pas encore \u00e9t\u00e9\nint\u00e9gr\u00e9 dans une nouvelle version (voir Documentation).\n","cves":[],"links":[{"title":"Version 2.0.4 de Dokeos community :","url":"http://prdownloads.sourceforge.net/dokeos/dokeos-community-204.tar.gz"},{"title":"Correctif pour les versions 1.6.x :","url":"http://www.dokeos.com/forum/annexes/dokeos.zip"},{"title":"Site de Dokeos :","url":"http://www.dokeos.com/"},{"title":"Message sur le forum de Dokeos :","url":"http://www.dokeos.com/forum/viewtopic.php?t=6882"}],"reference":"CERTA-2006-AVI-157","revisions":[{"description":"version initiale.","revision_date":"2006-04-18T00:00:00.000000"}],"risks":[{"description":"Injection de commandes SQL"}],"summary":null,"title":"Vuln\u00e9rabilit\u00e9 dans Dokeos","vendor_advisories":[{"published_at":null,"title":"Message post\u00e9 sur le forum de Dokeos","url":null}]}