Description
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.
Remediation
References
Related Vulnerabilities
Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2019-16891)
WordPress Plugin WP Page Builder Cross-Site Scripting (1.2.8)
WordPress Plugin Redirection PHP Object Injection (2.7.3)
WordPress Plugin WP-DownloadManager Cross-Site Scripting (1.67)
WordPress Plugin Resume Submissions & Job Postings Arbitrary File Upload (2.5.3)