Description
A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.
Remediation
References
Related Vulnerabilities
Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1584)
WordPress Plugin HTML5 AV Manager for WordPress 'custom.php' Arbitrary File Upload (0.2.7)
Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.3)
WordPress Plugin WordPress Books Gallery Cross-Site Request Forgery (4.4.8)