Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Chamilo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32925)

Description

admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.

Remediation

References

Related Vulnerabilities

WordPress Plugin JupiterX Core Security Bypass (2.0.6)

Werkzeug WSGI Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-25577)

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Privilege Escalation (5.8.9)

WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Cross-Site Scripting (2.9.17)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-24574)

Severity

Medium

Classification

CVE-2021-32925 CWE-200 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

Tags

Missing Update Known Vulnerabilities