CVE-2018-1999019

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to the version containing commit 0de84700648f098c1fbf6b807dee28ec640efe62

Description The issue concerns an Unserialization vulnerability in the hash GET parameter for the API endpoint located at "/webservices/api/v2.php". This can result in Unauthenticated remote code execution via a simple GET request to the API endpoint.

Recommendations For versions prior to the one containing commit 0de84700648f098c1fbf6b807dee28ec640efe62, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the "/webservices/api/v2.php" API endpoint to minimize the risk of exploitation. Avoid using the hash parameter in the affected API endpoint until the issue is resolved.