9.8
CVE-2018-1999019
- EPSS 1.68%
- Veröffentlicht 23.07.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:03
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginChamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the api endpoint. This vulnerability appears to have been fixed in After commit 0de84700648f098c1fbf6b807dee28ec640efe62.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Chamilo ≫ Chamilo Lms Version1.11.0 Update-
Chamilo ≫ Chamilo Lms Version1.11.0 Updatealpha2
Chamilo ≫ Chamilo Lms Version1.11.0 Updatebeta1
Chamilo ≫ Chamilo Lms Version1.11.0 Updatebeta2
Chamilo ≫ Chamilo Lms Version1.11.0 Updatebeta3
Chamilo ≫ Chamilo Lms Version1.11.0 Updatebeta4
Chamilo ≫ Chamilo Lms Version1.11.0 Updatebeta5
Chamilo ≫ Chamilo Lms Version1.11.0 Updatebeta6
Chamilo ≫ Chamilo Lms Version1.11.0 Updatebeta7
Chamilo ≫ Chamilo Lms Version1.11.0 Updaterc1
Chamilo ≫ Chamilo Lms Version1.11.2
Chamilo ≫ Chamilo Lms Version1.11.4 Update-
Chamilo ≫ Chamilo Lms Version1.11.4 Updatealpha1
Chamilo ≫ Chamilo Lms Version1.11.4 Updatealpha2
Chamilo ≫ Chamilo Lms Version1.11.4 Updatebeta1
Chamilo ≫ Chamilo Lms Version1.11.4 Updaterc1
Chamilo ≫ Chamilo Lms Version1.11.6 Update-
Chamilo ≫ Chamilo Lms Version1.11.6 Updatealpha1
Chamilo ≫ Chamilo Lms Version1.11.8 Update-
Chamilo ≫ Chamilo Lms Version1.11.8 Updaterc1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.68% | 0.818 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.