Dokeos Multiple Remote Input Validation Vulnerabilities

Summary
Dokeos is prone to multiple input-validation vulnerabilities, including SQL-injection, HTML-injection, cross-site scripting, and cross-site request-forgery issues. Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, obtain sensitive information, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, perform certain unauthorized actions in the context of a user, access or modify data, or exploit latent vulnerabilities in the underlying database. Dokeos 1.8.5 is affected prior versions may also be affected.
References