Description
Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
Remediation
References
Related Vulnerabilities
WordPress Plugin Social Sharing-Kiwi Security Bypass (2.0.10)
WordPress Plugin WP Customize Login Cross-Site Scripting (1.1)
MediaWiki Improper Authentication Vulnerability (CVE-2021-30158)
WordPress Plugin Simple 301 Redirects by BetterLinks Unspecified Vulnerability (1.06)
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler PHP Object Injection (5.0.0)