Description
Chamilo LMS v1.11.14 was discovered to contain a zero-click code injection vulnerability that allows attackers to execute arbitrary code via a crafted plugin. The vulnerability is triggered through user interaction with the attacker's profile page.