Chamilo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2018-20329 - Vulnerability Database

Chamilo

Chamilo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2018-20329

High

Reference: CVE-2018-20329

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-20329

Title: Chamilo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

Overview:

Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.