Chamilo : Security Vulnerabilities, CVEs, Published In 2013 (Sql injection)
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
Max CVSS
6.0
EPSS Score
0.08%
Published
2013-12-05
Updated
2013-12-27
1 vulnerabilities found