Chamilo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2021-34187 - Vulnerability Database
Chamilo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2021-34187
Critical
Reference:
CVE-2021-34187
Title:
Chamilo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField filters or filters2 parameter.