
CVSS: 6.5 • EPSS: 1% • CPEs: 1 • EXPL: 1

13 May 2021 — admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities. • https://github.com/andrejspuler/writeups/blob/main/chamilo-lms/README.md#authenticated-rcelfi-in-user-import-via-xml-external-entity---cve-2021-32925 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 7.2 • EPSS: 8% • CPEs: 1 • EXPL: 2

30 Apr 2021 — A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution. • https://www.exploit-db.com/exploits/49867 • CWE-706: Use of Incorrectly-Resolved Name or Reference

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Feb 2021 — Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. • https://github.com/chamilo/chamilo-lms/commit/d939402d83bf68af5377b629883d8e5437d843ec • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')