Description
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Bank-Contact Form Builder for WordPress Unspecified Vulnerability (2.1.26)
WordPress Plugin FG Joomla to WordPress Cross-Site Scripting (3.30.0)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4297)
phpList Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-3188)
WordPress Plugin LifterLMS-WP LMS for eLearning, Online Courses, & Quizzes Security Bypass (4.21.1)