Description
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.
Remediation
References
Related Vulnerabilities
WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.35)
MySQL CVE-2017-3452 Vulnerability (CVE-2017-3452)
WordPress Plugin Active Directory Integration/LDAP Integration Unspecified Vulnerability (3.6.95)
IBMHttpServer Other Vulnerability (CVE-2000-0505)
SharePoint Improper Certificate Validation Vulnerability (CVE-2019-1006)