Zero Click Code Injection Vulnerability in Chamilo LMS v1.11.14 via Crafted Plugin

CVE-2021-38745 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.

Learn more about our User Device Pen Test.