A zero-code remote code injection vulnerability via...
High severity
Unreviewed
Published
Apr 16, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Apr 15, 2022
Published to the GitHub Advisory Database
Apr 16, 2022
Last updated
Jan 27, 2023
A zero-code remote code injection vulnerability via configuration.php in Chamilo LMS v1.11.13 allows attackers to upload arbitrary code in the form of a new plugin.
References