← back
CVE-2021-38745

CVE-2021-38745

EPSS 0.8%
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-81-2021-07-26-High-impact-Low-risk-Zero-Code-RCE-in-admin