Chamilo LMS < 1.11.18 Multiple Vulnerabilities (CVE-2019-20041, CVE-2022-27426, CVE-2022-42029)

Severity
CVSSv3 Score
8.8
Vulnerability description

Chamilo LMS is prone to multiple vulnerabilities.

Risk description

The following flaws exist:

- CVE-2019-20041 / Issue #91: XSS Vulnerability in HTML5 strings sanitization
- CVE-2022-27426 / Issue #93: An attacker is able to enumerate the internal network and execute arbitrary system commands via a crafted Phar file
- CVE-2022-42029 / Issue #95: Big file uploads could copy/move local files out of the Chamilo directory

Recommendation

Update to version 1.11.18 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Dec 27, 2019
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available