CVE-2021-34187
CRITICAL EXPLOITED NUCLEIChamilo < 1.11.14 - SQL Injection
Title source: ruleDescription
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.
Nuclei Templates (1)
Chamilo model.ajax.php - SQL Injection
CRITICALVERIFIEDby DhiyaneshDK
Shodan:
X-Powered-By: Chamilo
FOFA:
banner="X-Powered-By: Chamilo"
Scores
CVSS v3
9.8
EPSS
0.8949
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2023-12-02
CWE
CWE-89
Status
published
Products (1)
chamilo/chamilo
< 1.11.14
Published
Jun 28, 2021
Tracked Since
Feb 18, 2026