Description
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This issue has been patched in version 1.11.30.
Remediation
References
Related Vulnerabilities
phpBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-6506)
Atlassian Confluence Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-6342)
WordPress Plugin Custom Content Type Manager Backdoor (0.9.8.8)
Oracle Database Server CVE-2006-0268 Vulnerability (CVE-2006-0268)
phpBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1627)