Description
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
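The sketch below is an added example, not Chamilo's code: it models a password check that splices the submitted value into the SQL text, next to the same check using bound parameters, and shows why the flaw is tied to the non-encrypted mode (a hash digest contains only hex characters, so nothing the user typed reaches the query). The table layout, function names, the SQLite backend and SHA-256 as the stand-in hash are all assumptions made for illustration.

```python
import hashlib
import sqlite3

# Constructed sample input: a value that closes the string literal early.
CRAFTED = "x' OR '1'='1"

def make_db(stored_password):
    """In-memory stand-in for a user table (hypothetical layout)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (user_id INTEGER PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO user VALUES (1, ?)", (stored_password,))
    return db

def encode(password, mode):
    """mode 'none' models plain-text storage; anything else hashes the input."""
    if mode == "none":
        return password
    return hashlib.sha256(password.encode()).hexdigest()

def check_concat(db, user_id, password, mode):
    """Vulnerable pattern: the encoded password becomes part of the SQL text."""
    sql = "SELECT 1 FROM user WHERE user_id = %d AND password = '%s'" % (
        int(user_id), encode(password, mode))
    return db.execute(sql).fetchone() is not None

def check_bound(db, user_id, password, mode):
    """Hardened pattern: the value is bound as data and never parsed as SQL."""
    sql = "SELECT 1 FROM user WHERE user_id = ? AND password = ?"
    return db.execute(sql, (user_id, encode(password, mode))).fetchone() is not None

if __name__ == "__main__":
    plain = make_db("s3cret")
    hashed = make_db(encode("s3cret", "sha256"))
    print("concat, plain mode :", check_concat(plain, 1, CRAFTED, "none"))
    print("concat, hashed mode:", check_concat(hashed, 1, CRAFTED, "sha256"))
    print("bound,  plain mode :", check_bound(plain, 1, CRAFTED, "none"))
```

Hashing only hides the concatenation defect in this one code path; the bound-parameter form is the fix that holds in every storage mode.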
Remediation
References