First published: Mon Mar 21 2022
Chamilo LMS v1.11.14 was discovered to contain a zero-click code injection vulnerability that allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Chamilo Chamilo | =1.11.14 | |
CVE-2021-38745 is a zero-click code injection vulnerability in Chamilo LMS v1.11.14, allowing attackers to execute arbitrary code via a crafted plugin.
CVE-2021-38745 is triggered when a user interacts with the attacker's profile page in Chamilo LMS v1.11.14.
CVE-2021-38745 has a severity rating of medium (6.8) according to the Common Vulnerability Scoring System (CVSS).
CVE-2021-38745 affects Chamilo LMS v1.11.14.
To mitigate CVE-2021-38745, it is recommended to update Chamilo LMS to a patched version or apply the necessary security fixes provided by the vendor.