Описание
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:chamilo:chamilo:1.11.14:-:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01541
Низкий
6.8 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 6.8
github
почти 4 года назад
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.
EPSS
Процентиль: 81%
0.01541
Низкий
6.8 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-94