Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social network the send invitation feature.
- https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chamilo-lms-1.11.14-xss-vulnerabilities
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Enes4xd/Enes4xd
- https://github.com/cr0ss2018/cr0ss2018
- https://github.com/ezelnur6327/Enes4xd
- https://github.com/ezelnur6327/ezelnur6327