Description
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
Remediation
References