CVE-2021-32925

MEDIUM

Chamilo 1.11.0-1.11.15 - Authenticated XML External Entity Injection in User Import

Title source: llm

admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.

Core 4

Core References

Patch, Third Party Advisory x_refsource_misc

Third Party Advisory x_refsource_misc

Exploit, Mitigation, Third Party Advisory x_refsource_misc

Third Party Advisory x_refsource_misc

CVSS v3 6.5

EPSS 0.0192

EPSS Percentile 77.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-611

Status published

Products (1)

chamilo/chamilo 1.11.0 - 1.11.16

Published May 13, 2021

Tracked Since Feb 18, 2026