Test ID:	1.3.6.1.4.1.25623.1.0.126316
Category:	Web application abuses
Title:	Chamilo LMS < 1.11.18 Multiple Vulnerabilities
Summary:	Chamilo LMS is prone to multiple vulnerabilities.
Description:	Summary: Chamilo LMS is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2019-20041 / Issue #91: XSS Vulnerability in HTML5 strings sanitization - CVE-2022-27426 / Issue #93: An attacker is able to enumerate the internal network and execute arbitrary system commands via a crafted Phar file - CVE-2022-42029 / Issue #95: Big file uploads could copy/move local files out of the Chamilo directory Affected Software/OS: Chamilo LMS prior to version 1.11.18. Solution: Update to version 1.11.18 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-20041 Bugtraq: 20200108 [SECURITY] [DSA 4599-1] wordpress security update (Google Search) https://seclists.org/bugtraq/2020/Jan/8 Debian Security Information: DSA-4599 (Google Search) https://www.debian.org/security/2020/dsa-4599 Debian Security Information: DSA-4677 (Google Search) https://www.debian.org/security/2020/dsa-4677 https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53 https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/ https://lists.debian.org/debian-lts-announce/2020/01/msg00010.html Common Vulnerability Exposure (CVE) ID: CVE-2022-27426 https://support.chamilo.org/projects/1/wiki/Security_issues Common Vulnerability Exposure (CVE) ID: CVE-2022-42029 https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-95-2022-09-14-High-impact-Moderate-risk-Authenticated-Local-file-inclusion
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.