First published: Thu May 13 2021(Updated: )
admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Chamilo Chamilo | >=1.11.0<=1.11.16 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-32925 is a vulnerability in Chamilo 1.11.x that allows the reading of XML data without disabling the ability to load external entities.
CVE-2021-32925 has a severity level of medium with a CVSS score of 6.5.
Chamilo versions 1.11.0 to 1.11.16 are affected by CVE-2021-32925.
To fix CVE-2021-32925, update Chamilo to a version higher than 1.11.16 and apply the necessary patches.
You can find more information about CVE-2021-32925 on the GitHub page and the official Chamilo support page.