Description
SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions.
Remediation
References
Related Vulnerabilities
Drupal Core 7.x Cross-Site Scripting (7.0 - 7.72)
MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-6664)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3093)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-2348)