SQL Injection Vulnerability in Chamilo LMS 1.9.6 and Earlier: Arbitrary SQL Command Execution

SQL Injection Vulnerability in Chamilo LMS 1.9.6 and Earlier: Arbitrary SQL Command Execution

CVE-2013-6787 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.

Learn more about our User Device Pen Test.