Description

Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.

Remediation

References

CVE-2021-35414

Related Vulnerabilities

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000169)

WordPress Plugin Ninja Announcements Lite 'ninja_annc.php' SQL Injection (1.2.3)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43705)

Jenkins Improper Handling of Inconsistent Structural Elements Vulnerability (CVE-2021-21640)

WordPress Plugin Really Simple Guest Post Local File Inclusion (1.0.6)

Severity

Critical

Classification

CVE-2021-35414 CWE-707

Tags

Missing Update Known Vulnerabilities