Description

A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.

Remediation

References

CVE-2021-35413

Related Vulnerabilities

WordPress Plugin Lazy Load Cross-Site Scripting (0.6)

WordPress Plugin W3 Total Cache Backdoor (0.9.2.2)

WordPress Plugin Passster-Password Protection Weak Encoding (3.5.5.5.1)

Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.10)

Zenphoto Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5595)

Severity

High

Classification

CVE-2021-35413 CWE-707

Tags

Missing Update Known Vulnerabilities