Lucene search
SecurityvulnsSECURITYVULNS:DOC:28469HistorySep 02, 2012 - 12:00 a.m.
Chamilo 1.8.8.4 Multiple Vulnerabilities
2012-09-0200:00:00
vulners.com
32
Chamilo 1.8.8.4 Multiple Vulnerabilities
CVE: CVE-2012-4029
Issue: Reflected XSS PHP_SELF in third-party app, Stored XSS
-
PHP_SELF XSS
http://chamilo-1.8.8.4/main/inc/lib/phpdocx/pdf/www/examples.php/'"><img
src=404 onerror=alert(1) > -
Stored XSS unfiltered input category_name
CVE: CVE-2012-4030
Issue: Unauthorized file delete
- Unauthorized file delete
You have to be subscribed to the course and you can delete other users
categories by bruteforcing the category ID.
Vendor:
www.chamilo.org
Vendor informed:
Jul 16/2012
Vendor acknowledgement:
Jul 16/2012
Fix Released
Version 1.8.8.6 - Jul 20/2012
Related
packetstorm
packetstorm
Chamilo 1.8.8.4 XSS / File Deletion
2012-08-27 00:00:00
prion
prion
Cross site scripting
2020-02-08 18:15:00
Input validation
2020-01-10 17:15:00
cve
cve
CVE-2012-4029
2020-02-08 18:15:00
CVE-2012-4030
2020-01-10 17:15:00
securityvulns
securityvulns
Related for SECURITYVULNS:DOC:28469