CVE-2018-25170 in DoceboLMS
Summary
by MITRE • 03/06/2026
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive database information.
Analysis
by VulDB Data Team • 03/06/2026
The vulnerability identified as CVE-2018-25170 represents a critical SQL injection flaw within DoceboLMS version 1.2, a widely used learning management system that facilitates educational content delivery and user management. This vulnerability stems from inadequate input validation and sanitization mechanisms within the application's database interaction layers, specifically affecting the lesson.php endpoint, which processes user requests containing the id, idC, and idU parameters. The flaw allows unauthenticated attackers to exploit the system by crafting malicious GET requests that inject arbitrary SQL code into the database query execution flow.
Exploitation works through parameter manipulation: attackers inject malicious SQL payloads through the three identified parameters, id, idC, and idU. These parameters are directly incorporated into database queries without proper sanitization or parameterization, creating a direct pathway for attackers to manipulate the underlying database operations. The vulnerability falls under CWE-89, which categorizes SQL injection as a common weakness in web applications, specifically targeting the improper handling of user-supplied data in database queries. When exploited, the vulnerability enables attackers to execute arbitrary database commands, potentially leading to unauthorized data access, modification, or deletion.
The operational impact of this vulnerability extends beyond simple data extraction, as it provides attackers with comprehensive database access capabilities that can compromise the entire learning management system infrastructure. Attackers can leverage this vulnerability to extract sensitive user information including login credentials, personal details, and educational records, potentially leading to identity theft and privacy violations. The unauthenticated nature of the attack means that no prior system access or legitimate credentials are required to exploit the vulnerability, making it particularly dangerous for organizations relying on DoceboLMS for their educational platforms. This vulnerability aligns with ATT&CK technique T1071.004, which covers application layer protocol manipulation, specifically targeting web application vulnerabilities through SQL injection methods.
Organizations utilizing DoceboLMS version 1.2 should immediately implement mitigations including input validation and parameterized queries to prevent SQL injection exploitation. The most effective remediation involves validating and sanitizing all user-supplied parameters before they are processed by database queries. Additionally, organizations should deploy web application firewalls and implement proper access controls to limit exposure to unauthorized requests. Regular security audits and penetration testing should be conducted to identify similar vulnerabilities within the application and its dependencies. The vulnerability also highlights the importance of keeping software components updated: newer versions of DoceboLMS likely contain fixes for this specific SQL injection vulnerability, and such updates should be applied immediately to prevent exploitation.
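The two mitigations named above, input validation and parameterized queries, applied to the id, idC, and idU parameters. This is an added example, not DoceboLMS code: the functions `intParam` and `findLesson`, the `lesson` table and its columns are hypothetical, the parameters are assumed to be integer identifiers, and the demo data is constructed in an in-memory SQLite database (requires the pdo_sqlite extension).

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only a positive decimal integer. Missing values,
// arrays (id[]=1) and strings with trailing SQL all fail validation here,
// before anything reaches the database layer.
function intParam(array $query, string $name): int
{
    $value = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($value === false) {
        throw new InvalidArgumentException("invalid parameter: $name");
    }
    return $value;
}

// Hypothetical lookup. The unsafe pattern the advisory describes is request
// values concatenated into the SQL string; here the SQL text is fixed and the
// values travel separately as typed bound parameters.
function findLesson(PDO $db, array $query): ?array
{
    $stmt = $db->prepare(
        'SELECT title FROM lesson
          WHERE id = :id AND course_id = :idC AND user_id = :idU'
    );
    foreach (['id', 'idC', 'idU'] as $name) {
        $stmt->bindValue(":$name", intParam($query, $name), PDO::PARAM_INT);
    }
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed schema and row, standing in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE lesson (id INTEGER, course_id INTEGER, user_id INTEGER, title TEXT)');
$db->exec("INSERT INTO lesson VALUES (7, 3, 42, 'Intro')");

// Constructed query strings: one well-formed, one with a non-integer id.
$requests = [
    ['id' => '7', 'idC' => '3', 'idU' => '42'],
    ['id' => '7 OR 1=1', 'idC' => '3', 'idU' => '42'],
];
foreach ($requests as $query) {
    try {
        echo 'ok: ', json_encode(findLesson($db, $query)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

In a real handler `$query` would be `$_GET`, and a rejected request would be answered with HTTP 400 and logged, which also gives defenders a signal for probing against lesson.php.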