Description
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
Remediation
References