Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition.

Expand Up

@@ -188,7 +188,7 @@ public static function addNode($code, $name, $canHaveCourses, $parent\_id)

$tree\_pos = $row\['maxTreePos'\] + 1;

  

$params = \[

'name' => $name,

'name' => html\_filter($name),

'code' => $code,

'parent\_id' => empty($parent\_id) ? null : $parent\_id,

'tree\_pos' => $tree\_pos,

Expand Down Expand Up

@@ -300,29 +300,34 @@ public static function editNode(

$tbl\_course = Database::get\_main\_table(TABLE\_MAIN\_COURSE);

$tbl\_category = Database::get\_main\_table(TABLE\_MAIN\_CATEGORY);

  

$code = trim(Database::escape\_string($code));

$name = trim(Database::escape\_string($name));

$old\_code = Database::escape\_string($old\_code);

$canHaveCourses = Database::escape\_string($canHaveCourses);

$code = CourseManager::generate\_course\_code($code);

$name = html\_filter($name);

  

$code = CourseManager::generate\_course\_code($code);

// Updating category

$sql = "UPDATE $tbl\_category SET

name='$name',

code='$code',

auth\_course\_child = '$canHaveCourses'

WHERE code = '$old\_code'";

Database::query($sql);

Database::update(

$tbl\_category,

\[

'name' => $name,

'code' => $code,

'auth\_course\_child' => $canHaveCourses,

\],

\['code = ?' => $old\_code\]

);

  

// Updating children

$sql = "UPDATE $tbl\_category SET parent\_id = '$code'

WHERE parent\_id = '$old\_code'";

Database::query($sql);

Database::update(

$tbl\_category,

\['parent\_id' => $code\],

\['parent\_id = ?' => $old\_code\]

);

  

// Updating course category

$sql = "UPDATE $tbl\_course SET category\_code = '$code'

WHERE category\_code = '$old\_code' ";

Database::query($sql);

Database::update(

$tbl\_course,

\['category\_code' => $code\],

\['category\_code = ?' => $old\_code\]

);

  

Database::update(

$tbl\_category,

Expand Down

CVE-2023-37062: Course: filter HTML when saving/updating category · chamilo/chamilo-lms@c263933

Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section.

Expand Up

@@ -195,13 +195,15 @@

  

if (isset($\_POST\['Submit'\]) && $\_POST\['Submit'\]) {

// changing the name

$name = Database::escape\_string($\_POST\['txt\_name'\]);

$name = html\_filter($\_POST\['txt\_name'\]);

$postId = (int) $\_POST\['edit\_id'\];

$sql = "UPDATE $tbl\_admin\_languages SET original\_name='$name'

WHERE id='$postId'";

$result = Database::query($sql);

Database::update(

$tbl\_admin\_languages,

\['original\_name' => $name\],

\['id = ?' => $postId\]

);

// changing the Platform language

if ($\_POST\['platformlanguage'\] && $\_POST\['platformlanguage'\] != '') {

if (isset($\_POST\['platformlanguage'\]) && $\_POST\['platformlanguage'\] != '') {

api\_set\_setting('platformLanguage', $\_POST\['platformlanguage'\], null, null, $\_configuration\['access\_url'\]);

}

} elseif (isset($\_POST\['action'\])) {

Expand Down

CVE-2023-37061: Admin: filter HTML when updating language · chamilo/chamilo-lms@75e9b3e

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section.

CVE-2023-37067: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section.

CVE-2023-37065: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.

CVE-2023-37064: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel.

CVE-2023-37066: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section.

CVE-2023-37063: Security issues - Chamilo LMS

ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.

With the **combinations** on fly module, you will **amazingly accelerate the product page loading**, it's an **unlimitated product combinations generator.**

The most detrimental to shop is the number of combinations for a product, the **generator** that can not accept the generation of all combinations if they are too numerous, the second point is even more penalizing on products pages loading, because PrestaShop load all existing combinations, which can, in some cases, lead to **unacceptable page display times for customers** and especially they will be penalized by **Google algorithms**, and lead to the fall of your pages rank in searchs.

The **combinations on the fly** module allows to generate only **simple combinations** (only 1 attribute), which **reduces their generation time** and no longer a problem even if you have a lot of attribute values.

On the product, **only the existing combinations are loaded on page display**, allowing to **minimize its duration**.

You will be able to **generate unlimited combinations** with the Prestashop generator.

When a customer changes an attribute, if the resulting combination does not exist, the module **create and load it**.

There is a system to remove the generated combinations in order not to overload the server, the combinations being obsolete after order, so your pages will be lighter than ever and your server will gain speed.

The installation of the module on the site of a customer made it possible to **divide the time of display by 3** and the weight of the page by 4.

Links to download the documentations of the module are available at the bottom of the page.

**Prestashop compatible version**

1.5 & 1.6

**Module version**

0.3.1

Demo url

CVE-2023-33664: Prestashop module combinations on fly

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.

CVE-2023-25201: Security Advisories - usd HeroLab

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities.
The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized

Vulnerability / Cyber Threat

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities.

The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized access to the MOVEit Transfer database.

SQL injection vulnerabilities are a well-known and dangerous security flaw that allows attackers to manipulate databases and run any code they want. Attackers can send specifically designed payloads to certain endpoints of the affected application, which could change or expose sensitive data in the database.

The reason CVE-2023-36934 is so critical is that it can be exploited without having to be logged in. This means that even attackers without valid credentials can potentially exploit the vulnerability. However, as of now, there have been no reports of this particular vulnerability being actively used by attackers.

This discovery comes after a series of recent cyberattacks that used a different SQL injection vulnerability (CVE-2023-34362) to target MOVEit Transfer with Clop ransomware. These attacks resulted in data theft and money extortion from affected organizations.

This latest security update from Progress Software also addresses two other high-severity vulnerabilities: CVE-2023-36932 and CVE-2023-36933.

CVE-2023-36932 is a SQL injection flaw that can be exploited by attackers who are logged in to gain unauthorized access to the MOVEit Transfer database. CVE-2023-36933, on the other hand, is a vulnerability that allows attackers to unexpectedly shut down the MOVEit Transfer program.

UPCOMING WEBINAR

🔐 Privileged Access Management: Learn How to Conquer Key Challenges

Discover different approaches to conquer Privileged Account Management (PAM) challenges and level up your privileged access security strategy.

Reserve Your Spot

Researchers from HackerOne and Trend Micro's Zero Day Initiative responsibly reported Progress Software about these vulnerabilities.

These vulnerabilities affect multiple MOVEit Transfer versions, including 12.1.10 and previous versions, 13.0.8 and earlier, 13.1.6 and earlier, 14.0.6 and older, 14.1.7 and older, and 15.0.3 and earlier.

Progress Software has made the necessary updates available for all major MOVEit Transfer versions. Users are strongly advised to update to the latest version of MOVEit Transfer to reduce the risks posed by these vulnerabilities.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#sql