The vulnerability of the admin/user_import.php file in the Chamilo electronic training and content management software, related to the disclosure of protected information, allows a hacker to carry out an XXE attack.

The vulnerability of the admin/userimport.php file function in the Chamilo e-learning and content management software relates to the exposure of protected information. Exploiting this vulnerability could allow a malicious actor to carry out an XXE attack...

Chamilo 信息泄露漏洞

Chamilo is a learning management system focused on ease of use and accessibility. Chamilo version 1.11.14 suffers from an XML external entity injection vulnerability. The vulnerability stems from reading XML data without disabling the ability to load external entities in admin/userimport.php, whi...