Description
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3757)
WordPress Plugin WP e-Commerce Predictive Search Cross-Site Scripting (1.1.1)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1240)
WordPress Plugin Slimstat Analytics Cross-Site Request Forgery (4.8.3)