Description
Chamilo LMS version 11.x contains an unserialization vulnerability in the "hash" GET parameter of the API endpoint located at /webservices/api/v2.php that can result in unauthenticated remote code execution. This attack appears to be exploitable via a simple GET request to the API endpoint. This vulnerability appears to have been fixed after commit 0de84700648f098c1fbf6b807dee28ec640efe62.
Remediation
References