SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and previous versions, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
chamilo chamilo lms 1.8.8.4 |
||
chamilo chamilo lms 1.8.8.2 |
||
chamilo chamilo lms 1.8.7.1 |
||
chamilo chamilo lms 1.8.7 |
||
chamilo chamilo lms |
||
chamilo chamilo lms 1.9.4 |
||
chamilo chamilo lms 1.9.0 |
||
chamilo chamilo lms 1.9.2 |
||
chamilo chamilo lms 1.8.8.6 |
||
chamilo chamilo lms 1.8.6.2 |