Description

A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.

Remediation

References

CVE-2021-35413

Related Vulnerabilities

WordPress Plugin WP Super Cache Cross-Site Scripting (1.4.2)

WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll PHP Object Injection (1.5.5)

Oracle JRE CVE-2013-2458 Vulnerability (CVE-2013-2458)

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4614)

MySQL CVE-2019-2624 Vulnerability (CVE-2019-2624)

Severity

High

Classification

CVE-2021-35413 CWE-707

Tags

Missing Update Known Vulnerabilities