Chamilo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-35413

A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.