WEB APPLICATION VULNERABILITIES Standard & Premium

Chamilo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32925)

Description

admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.

Remediation

References

Related Vulnerabilities

WordPress Plugin Judge.me Product Reviews for WooCommerce Cross-Site Scripting (1.3.20)

WordPress Plugin RB Agency Local File Disclosure (2.4.7)

MySQL CVE-2015-4767 Vulnerability (CVE-2015-4767)

WordPress Plugin ALO EasyMail Newsletter Multiple Vulnerabilities (2.6.00)

WordPress Plugin Zoho CRM Lead Magnet Cross-Site Scripting (1.6.9.1)

Severity

Medium

Classification

CVE-2021-32925 CWE-200 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

Tags

Missing Update Known Vulnerabilities