CVE Vulnerability

CVE-2021-34187

main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-67-2021-05-27-High-impact-very-high-risk-Unauthenticated-SQL-injection Patch Vendor Advisory
https://murat.one/?p=118 Exploit Third Party Advisory
https://github.com/chamilo/chamilo-lms/commit/005dc8e9eccc6ea35264064ae09e2e84af8d5b59 Patch Third Party Advisory
https://github.com/chamilo/chamilo-lms/commit/f7f93579ed64765c2667910b9c24d031b0a00571 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:chamilo:chamilo:*:*:*:*:*:*:*:*
Information

Published : 2021-06-28 04:15

Updated : 2021-07-01 06:34

NVD link : CVE-2021-34187

Mitre link : CVE-2021-34187

Products Affected
No products.
CWE
CWE-89