Chamilo Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2021-38745 - Vulnerability Database

Chamilo Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2021-38745

Medium

Reference: CVE-2021-38745

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-38745

Title: Chamilo Improper Control of Generation of Code (Code Injection) Vulnerability

Overview:

Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker39s profile page.