Description

Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.

Remediation

References

CVE-2018-20329

Related Vulnerabilities

WordPress Plugin Header Footer Code Manager SQL Injection (1.1.13)

Microsoft SQL Server CVE-2023-29349 Vulnerability (CVE-2023-29349)

MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-35625)

PostgreSQL Improper Input Validation Vulnerability (CVE-2014-0066)

ATutor Incorrect Authorization Vulnerability (CVE-2019-16114)

Severity

High

Classification

CVE-2018-20329 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities