exploit the possibilities

Chamilo 1.11.6 SQL Injection

Chamilo 1.11.6 SQL Injection
Posted Dec 6, 2018
Authored by Zekvan Arslan | Site netsparker.com

Chamilo version 1.11.6 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 50c127104e82ada5240331eb4f691d76

Chamilo 1.11.6 SQL Injection

Change Mirror Download

SQL Injection Vulnerabilities in Chamilo 1.11.6

Information
--------------------

Advisory by Netsparker
Name: SQL Injection Vulnerabilities in Chamilo 1.11.6
Affected Software: Chamilo
Affected Versions: 1.11.6
Homepage: https://chamilo.org/en/
Vulnerability: SQL injection
Severity: High
Status: Fixed
CVSS Score (3.0): 7.6
Netsparker Advisory Reference: NS-18-028

Technical Details
--------------------

URL: http://{DOMAIN}/{PATH-OF-CHAMILO}/main/admin/subscribe_user2course.php
Parameter Name: firstLetterUser
Parameter Type: POST
Attack Pattern: AaOR 1=1 OR ansa=ans

URL: http://{DOMAIN}/{PATH-OF-CHAMILO}/main/admin/subscribe_user2course.php
Parameter Name: firstLetterCourse
Parameter Type: POST
Attack Pattern: AaOR 1=1 OR ansa=ans

For more information on SQL Injection vulnerabilities read the article SQL Injection.

Advisory Timeline
--------------------

9th July 2018 - First Contact
28th November 2018 - Vendor Fixed
4th December 2018 - Advisory Released

Credits & Authors
--------------------

These issues have been discovered by Zekvan Arslan while testing Netsparker Web Application Security Scanner.

About Netsparker
--------------------

Netsparker web application security scanners find and report security flaws and vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) in all websites and web applications, regardless of the platform and technology they are built on. Netsparker scanning engineas unique detection and exploitation techniques allow it to be dead accurate in reporting vulnerabilities. The Netsparker web application security scanner is available in two editions; Netsparker Desktop and Netsparker Cloud. Visit our website https://www.netsparker.com for more information.


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    37 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close