Description

Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.

Remediation

References

CVE-2018-20329

Related Vulnerabilities

Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2018-20346)

WordPress Plugin Appointments Scheduler Cross-Site Scripting (1.5)

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.18)

WordPress Plugin Church Admin Cross-Site Scripting (0.800)

WordPress Plugin WooCommerce Save For Later Cart Enhancement PHP Object Injection (1.0.6)

Severity

High

Classification

CVE-2018-20329 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities