8 matches found
SQL Injection in Chamilo LMS
Advisory ID: HTB23182 Product: Chamilo LMS Vendor: Chamilo Association Vulnerable Versions: 1.9.6 and probably prior Tested Version: 1.9.6 Advisory Publication: November 6, 2013 without technical details Vendor Notification: November 6, 2013 Vendor Patch: November 9, 2013 Public Disclosure:...
CVE-2013-6787
SQL injection vulnerability in the checkuserpassword function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter...
CVE-2013-6787
SQL injection vulnerability in the checkuserpassword function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter...
CVE-2013-6787
Chamilo LMS 1.9.6 and earlier is affected by an SQL injection in the /main/auth/profile.php flow, caused by insufficient validation of the password0 POST parameter in the check_user_password function. When the installation uses non-encrypted passwords (Encryption method set to none), a remote aut...
Chamilo Lms 1.9.6 - profile.php?password SQL Injection
Chamilo Lms 1.9.6 - profile.php?password SQL Injection Advisory ID: HTB23182 Product: Chamilo LMS Vendor: Chamilo Association Vulnerable Versions: 1.9.6 and probably prior Tested Version: 1.9.6 Advisory Publication: November 6, 2013 without technical details Vendor Notification: November 6, 2013...
Chamilo Lms 1.9.6 - 'profile.php?password' SQL Injection
Advisory ID: HTB23182 Product: Chamilo LMS Vendor: Chamilo Association Vulnerable Versions: 1.9.6 and probably prior Tested Version: 1.9.6 Advisory Publication: November 6, 2013 without technical details Vendor Notification: November 6, 2013 Vendor Patch: November 9, 2013 Public Disclosure:...
Chamilo LMS 1.9.6 SQL Injection
Advisory ID: HTB23182 Product: Chamilo LMS Vendor: Chamilo Association Vulnerable Versions: 1.9.6 and probably prior Tested Version: 1.9.6 Advisory Publication: November 6, 2013 without technical details Vendor Notification: November 6, 2013 Vendor Patch: November 9, 2013 Public Disclosure:...
SQL Injection in Chamilo LMS
High-Tech Bridge Security Research Lab discovered vulnerability in Chamilo LMS, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in Chamilo LMS: CVE-2013-6787 The vulnerability exists due to insufficient validation of "password0" HTTP POST parameter passed to...