Description
admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server CVE-2019-2414 Vulnerability (CVE-2019-2414)
WordPress Plugin Form Builder CP Cross-Site Scripting (1.2.31)
Squid Improper Input Validation Vulnerability (CVE-2013-1839)
WordPress Plugin Login as User or Customer Cross-Site Request Forgery (1.9)
Oracle Database Server Cryptographic Issues Vulnerability (CVE-2006-0270)