QwikSec

Security Database

CVE

CWE

Training

CVE-2013-6787

Published: Dec 5, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

exploit

x_refsource_EXPLOIT-DB

20131127 SQL Injection in Chamilo LMS

mailing-list

x_refsource_BUGTRAQ

https://www.htbridge.com/advisory/HTB23182

x_refsource_MISC

https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-10-2013-11-06-Moderate-risk-SQL-Injection-in-specific-unrecommended-case

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.