Description
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.