Description
Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
Remediation
References
Related Vulnerabilities
WordPress Plugin The Plus Addons for Elementor Security Bypass (4.1.6)
WordPress Plugin Print-O-Matic Cross-Site Scripting (2.1.7)
WordPress Plugin Relevanssi-A Better Search Cross-Site Scripting (3.3.7.1)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3128)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5473)