A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file. Date published : 2022-04-15 https://support.chamilo.org/projects/1/wiki/Security_issues
Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php. Date published : 2022-04-15 https://support.chamilo.org/projects/1/wiki/Security_issues
Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php. Date published : 2022-04-15 https://support.chamilo.org/projects/1/wiki/Security_issues
A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL. Date published : 2022-04-15 https://support.chamilo.org/projects/1/wiki/Security_issues
Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin. Date published : 2022-04-15 https://support.chamilo.org/projects/1/wiki/Security_issues
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy. Date published : 2022-04-15 https://github.com/chshcms/cscms/issues/16
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan. Date published : 2022-04-15 https://github.com/chshcms/cscms/issues/15
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del. Date published : 2022-04-15 https://github.com/chshcms/cscms/issues/14#issue-1170457945
Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy. Date published : 2022-04-15 https://github.com/chshcms/cscms/issues/13#issue-1170447891
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del. Date published : 2022-04-15 https://github.com/chshcms/cscms/issues/12#issue-1170440183
Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allows remote attacker to include arbitrary web script or HTML via the rpath parameter. Date published : 2022-04-15 https://framagit.org/hubzilla/core/-/commit/0784cd593a39a4fc297e8a82f7e79bc8019a0868#1c497fbb3a46b78edf04cc2a2fa33f67e3ffbe2a https://hubzilla.org/channel/hubzilla/
A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. Date published : 2022-04-15 https://framagit.org/hubzilla/core/-/commit/0784cd593a39a4fc297e8a82f7e79bc8019a0868#1c497fbb3a46b78edf04cc2a2fa33f67e3ffbe2a https://hubzilla.org/channel/hubzilla/
pearweb < 1.32 suffers from Deserialization of Untrusted Data. Date published : 2022-04-15 https://github.com/pear/pearweb/commit/6447c174a6b4bd76d28ecca8543cbd24bf394f99
pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php. Date published : 2022-04-15 https://github.com/pear/pearweb/commit/6447c174a6b4bd76d28ecca8543cbd24bf394f99#diff-204452a70c5b0b0084097fcff6aee77c2c38cb77a41c4b2dd0065fda37a7489c