Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the api endpoint. This vulnerability appears to have been fixed in After commit 0de84700648f098c1fbf6b807dee28ec640efe62.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
chamilo chamilo lms 1.11.0 |
||
chamilo chamilo lms 1.11.6 |
||
chamilo chamilo lms 1.11.8 |
||
chamilo chamilo lms 1.11.4 |
||
chamilo chamilo lms 1.11.2 |