Description admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities. Remediation References CVE-2021-32925 Related Vulnerabilities WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Unspecified Vulnerability (2.9.24) WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.6) Envoy Proxy Reachable Assertion Vulnerability (CVE-2021-29258) WordPress Plugin WordPress Meta Data and Taxonomies Filter (MDTF) PHP Object Injection (1.2.2) WordPress Plugin Gmedia Photo Gallery Arbitrary File Upload (1.2.1) Severity Medium Classification CVE-2021-32925 CWE-200 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H Tags Missing Update Known Vulnerabilities