Description
Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
Remediation
References
Related Vulnerabilities
WordPress Plugin Gallery from files Multiple Vulnerabilities (1.60)
WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.10)
WordPress Plugin Evarisk 'uploadPhotoApres.php' Arbitrary File Upload (5.1.5.4)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14885)