Description

Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.

Remediation

References

CVE-2018-20329

Related Vulnerabilities

MySQL CVE-2020-2926 Vulnerability (CVE-2020-2926)

WordPress Plugin Connections Business Directory Cross-Site Scripting (10.4.2)

WordPress Plugin SendPress Newsletters Multiple Vulnerabilities (1.1.7.21)

Next.js CVE-2021-43803 Vulnerability (CVE-2021-43803)

ReviveAdserver URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22873)

Severity

High

Classification

CVE-2018-20329 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities