Description
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the api endpoint. This vulnerability appears to have been fixed in After commit 0de84700648f098c1fbf6b807dee28ec640efe62.
Remediation
References
Related Vulnerabilities
Grafana Missing Authorization Vulnerability (CVE-2023-2183)
WordPress Plugin Rekt Slideshow TimThumb Arbitrary File Upload (1.0.5)
WordPress Plugin WooCommerce Cross-Site Scripting (8.9.2)
WordPress Plugin Exquisite PayPal Donation Cross-Site Scripting (2.0.0)
WordPress Plugin Sendit WP Newsletter 'id' Parameter SQL Injection (2.1.0)