CVE Daily

CVE-2018-20329

Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.cla...

High CVSS 8.1

Overview

Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.

CWE: CWE-89 Published: 2018-12-21T06:29:00.627
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 8.1 (HIGH)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags