Description
Chamilo LMS version 11.x contains an unserialization vulnerability in the "hash" GET parameter of the API endpoint located at /webservices/api/v2.php that can result in unauthenticated remote code execution. The attack appears to be exploitable via a simple GET request to the API endpoint. The vulnerability appears to have been fixed after commit 0de84700648f098c1fbf6b807dee28ec640efe62.
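For triage, the following added example (not Chamilo or scanner code) scans web access-log lines for requests to this endpoint whose "hash" value contains a serialized PHP object. It assumes combined-log-format request fields and checks the value both as sent and base64-decoded (the encoding is an assumption); the log lines are constructed samples.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, quote, urlsplit

API_PATH = "/webservices/api/v2.php"  # endpoint named in the description
PARAM = "hash"                        # parameter named in the description
# PHP serialize() writes objects as O:<len>:"<Class>":<n>:{ (C: for Serializable).
PHP_OBJECT = re.compile(rb'(?:^|[;{])[OC]:\d+:"[^"]+":\d+:\{')
# Assumption: combined-log-format request field, e.g. "GET <uri> HTTP/1.1".
REQUEST = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')


def decodings(value):
    """Yield the value as sent and, as an assumed encoding, its base64 decoding."""
    yield value.encode("utf-8", "replace")
    b64 = value.replace(" ", "+")  # parse_qs turns an unescaped '+' into a space
    try:
        yield base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
    except (binascii.Error, ValueError):
        return


def is_suspicious(line):
    """True if a log line requests the API with a serialized PHP object in `hash`."""
    m = REQUEST.search(line)
    if not m:
        return False
    url = urlsplit(m.group("uri"))
    if not url.path.endswith(API_PATH):  # Chamilo may be installed under a sub-path
        return False
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    return any(PHP_OBJECT.search(d) for v in values for d in decodings(v))


def _line(path, value):
    """Build one constructed combined-log-format line for the samples below."""
    return ('198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] '
            f'"GET {path}?hash={quote(value, safe="")} HTTP/1.1" 200 12')


# Constructed sample data: an inert stdClass string, raw and base64-encoded.
_OBJ = 'O:8:"stdClass":0:{}'
_B64 = base64.b64encode(_OBJ.encode()).decode()
SAMPLE_LOG = [
    _line(API_PATH, _OBJ),                  # raw serialized object
    _line("/chamilo" + API_PATH, _B64),     # base64-wrapped object, sub-path install
    _line(API_PATH, 'a:1:{s:1:"k";i:1;}'),  # serialized array with no object
    _line("/index.php", _OBJ),              # different endpoint
]
```

A match shows only that a serialized object reached the endpoint; whether it was processed depends on the installed version.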
Remediation
References