2 matches found
OSV-2021-40 Heap-buffer-overflow in rijndaelDecrypt
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29454
Crash type: Heap-buffer-overflow READ 1
Crash state: rijndaelDecrypt aes256cbcdecrypt checkuserpassword...
SQL injection
SQL injection vulnerability in the checkuserpassword function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter...