Lucene search
K

8 matches found

securityvulns
securityvulns
added 2013/12/09 12:0 a.m.60 views

SQL Injection in Chamilo LMS

Advisory ID: HTB23182 Product: Chamilo LMS Vendor: Chamilo Association Vulnerable Versions: 1.9.6 and probably prior Tested Version: 1.9.6 Advisory Publication: November 6, 2013 without technical details Vendor Notification: November 6, 2013 Vendor Patch: November 9, 2013 Public Disclosure:...

6CVSS7.7AI score0.02739EPSS
Exploits6
NVD
NVD
added 2013/12/05 6:55 p.m.15 views

CVE-2013-6787

SQL injection vulnerability in the checkuserpassword function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter...

6CVSS7.8AI score0.02739EPSS
Exploits6References4
Cvelist
Cvelist
added 2013/12/05 6:0 p.m.34 views

CVE-2013-6787

SQL injection vulnerability in the checkuserpassword function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter...

7.8AI score0.02739EPSS
Exploits6References4
CVE
CVE
added 2013/12/05 6:0 p.m.69 views

CVE-2013-6787

Chamilo LMS 1.9.6 and earlier is affected by an SQL injection in the /main/auth/profile.php flow, caused by insufficient validation of the password0 POST parameter in the check_user_password function. When the installation uses non-encrypted passwords (Encryption method set to none), a remote aut...

6CVSS8AI score0.02739EPSS
Exploits6References4Affected Software1
exploitpack
exploitpack
added 2013/12/03 12:0 a.m.87 views

Chamilo Lms 1.9.6 - profile.php?password SQL Injection

Chamilo Lms 1.9.6 - profile.php?password SQL Injection Advisory ID: HTB23182 Product: Chamilo LMS Vendor: Chamilo Association Vulnerable Versions: 1.9.6 and probably prior Tested Version: 1.9.6 Advisory Publication: November 6, 2013 without technical details Vendor Notification: November 6, 2013...

6CVSS0.3AI score0.02739EPSS
Exploits6
Exploit DB
Exploit DB
added 2013/12/03 12:0 a.m.52 views

Chamilo Lms 1.9.6 - 'profile.php?password' SQL Injection

Advisory ID: HTB23182 Product: Chamilo LMS Vendor: Chamilo Association Vulnerable Versions: 1.9.6 and probably prior Tested Version: 1.9.6 Advisory Publication: November 6, 2013 without technical details Vendor Notification: November 6, 2013 Vendor Patch: November 9, 2013 Public Disclosure:...

6CVSS6.6AI score0.02739EPSS
Exploits6
Packet Storm
Packet Storm
added 2013/11/27 12:0 a.m.95 views

Chamilo LMS 1.9.6 SQL Injection

Advisory ID: HTB23182 Product: Chamilo LMS Vendor: Chamilo Association Vulnerable Versions: 1.9.6 and probably prior Tested Version: 1.9.6 Advisory Publication: November 6, 2013 without technical details Vendor Notification: November 6, 2013 Vendor Patch: November 9, 2013 Public Disclosure:...

6CVSS0.4AI score0.02739EPSS
Exploits6
htbridge
htbridge
added 2013/11/06 12:0 a.m.122 views

SQL Injection in Chamilo LMS

High-Tech Bridge Security Research Lab discovered vulnerability in Chamilo LMS, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in Chamilo LMS: CVE-2013-6787 The vulnerability exists due to insufficient validation of "password0" HTTP POST parameter passed to...

6CVSS7.6AI score0.02739EPSS
Exploits6Affected Software1
Rows per page
Query Builder