The remote host contains a PHP application that is vulnerable to remote and local file inclusions. Description : At least one Docebo application is installed on the system. Docebo has multiple PHP based applications, including a content management system (DoceboCMS), a e-learning platform (DoceboLMS) and a knowledge maintenance system (DoceboKMS) By using a flaw in some PHP versions (PHP4 <= 4.4.0 and PHP5 <= 5.0.5) it is possible to include files by overwriting the $GLOBALS variable. This flaw exists if PHP's register_globals is enabled.

Disable PHP's register_globals and/or upgrade to a newer PHP release.

• http://secunia.com/advisories/20260/
• http://www.hardened-php.net/advisory_202005.79.html

---

Updated on 2015-03-25