CVE-2021-35414

Опубликовано: 03 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.

Ссылки

https://github.com/andrejspuler/writeups/tree/main/chamilo-lms#unauthenticated-sql-injection-2-in-plugin
Exploit
Patch
Third Party Advisory
https://github.com/andrejspuler/writeups/tree/main/chamilo-lms#unauthenticated-sql-injection-in-compilatio-module
Exploit
Patch
Third Party Advisory
https://github.com/chamilo/chamilo-lms/commit/36149c1ff99973840a809bb865f23e1b23d6df00
Patch
Third Party Advisory
https://github.com/chamilo/chamilo-lms/commit/6a98e32bb04aa66cbd0d29ad74d7d20cc7e7e9c5
Patch
Third Party Advisory
https://github.com/chamilo/chamilo-lms/commit/f398b5b45c019f873a54fe25c815dbaaf963728b
Patch
Third Party Advisory
https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-59-2021-05-13-High-impact-low-risk-Unauthenticated-SQL-injection-vulnerability-when-a-module-is-enabled
Patch
Vendor Advisory
https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-65-2021-05-15-High-impact-very-high-risk-Unauthenticated-SQL-injection-in-plugin
Patch
Vendor Advisory
https://github.com/andrejspuler/writeups/tree/main/chamilo-lms#unauthenticated-sql-injection-2-in-plugin
Exploit
Patch
Third Party Advisory
https://github.com/andrejspuler/writeups/tree/main/chamilo-lms#unauthenticated-sql-injection-in-compilatio-module
Exploit
Patch
Third Party Advisory
https://github.com/chamilo/chamilo-lms/commit/36149c1ff99973840a809bb865f23e1b23d6df00
Patch
Third Party Advisory
https://github.com/chamilo/chamilo-lms/commit/6a98e32bb04aa66cbd0d29ad74d7d20cc7e7e9c5
Patch
Third Party Advisory
https://github.com/chamilo/chamilo-lms/commit/f398b5b45c019f873a54fe25c815dbaaf963728b
Patch
Third Party Advisory
https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-59-2021-05-13-High-impact-low-risk-Unauthenticated-SQL-injection-vulnerability-when-a-module-is-enabled
Patch
Vendor Advisory
https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-65-2021-05-15-High-impact-very-high-risk-Unauthenticated-SQL-injection-in-plugin
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*

Версия от 1.11.0 (включая) до 1.11.16 (включая)

EPSS

Процентиль: 80%

0.01343

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-wr64-8539-w4g9

github

около 4 лет назад