Chamilo: >> Chamilo Lms >> 1.11.8 Security Vulnerabilities
Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.
CVSS Score
8.1
EPSS Score
0.002
Published
2018-12-21
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the api endpoint. This vulnerability appears to have been fixed in After commit 0de84700648f098c1fbf6b807dee28ec640efe62.
CVSS Score
9.8
EPSS Score
0.017
Published
2018-07-23
Page 10