Chamilo · Chamilo · CVE-2021-32925
**Name of the Vulnerable Software and Affected Versions**
Chamilo versions 1.11.x
**Description**
The `admin/user_import.php` file in Chamilo reads XML data without disabling the loading of external entities. This can lead to an XXE (XML External Entity) attack, potentially allowing a remote attacker to disclose protected information.
**Recommendations**
For Chamilo versions 1.11.x, consider disabling the `admin/user_import.php` file or restricting access to it to reduce the risk of exploitation until a patch is available. As a temporary workaround, avoid using `admin/user_import.php` for XML data import until the issue is resolved.
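
One way to parse an XML import without resolving external entities, shown as an added PHP example; it is not Chamilo's code or its patch. The function name `parse_user_import_xml` and the `users/user/username/email` element names are assumptions made for the illustration.

```php
<?php
// Added example: hypothetical helper, not Chamilo's own code.
// Element names (users/user/username/email) are constructed for illustration.
function parse_user_import_xml(string $xml): array
{
    // PHP before 8.0 may be built against a libxml2 that loads external
    // entities by default; the call is deprecated and unneeded from 8.0 on.
    $legacy = PHP_VERSION_ID < 80000;
    $prevLoader = $legacy ? libxml_disable_entity_loader(true) : null;
    $prevErrors = libxml_use_internal_errors(true);
    try {
        $doc = new DOMDocument();
        // LIBXML_NONET forbids network access while parsing. LIBXML_NOENT and
        // LIBXML_DTDLOAD are deliberately absent (entity substitution, DTD loading).
        if (!$doc->loadXML($xml, LIBXML_NONET)) {
            throw new InvalidArgumentException('Malformed XML');
        }
        // A flat user list needs no DTD, so any DOCTYPE is refused outright.
        if ($doc->doctype !== null) {
            throw new InvalidArgumentException('DOCTYPE is not accepted');
        }
        $rows = [];
        foreach ($doc->getElementsByTagName('user') as $user) {
            $row = [];
            foreach (['username', 'email'] as $field) {
                $node = $user->getElementsByTagName($field)->item(0);
                $row[$field] = $node === null ? '' : trim($node->textContent);
            }
            $rows[] = $row;
        }
        return $rows;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($prevErrors);
        if ($legacy) {
            libxml_disable_entity_loader($prevLoader);
        }
    }
}
// Constructed sample input: one clean document, one carrying a DOCTYPE.
$clean = '<users><user><username>alice</username><email>a@example.org</email></user></users>';
$withDtd = '<!DOCTYPE users [<!ENTITY x "y">]>' . $clean;
var_dump(parse_user_import_xml($clean));
try {
    parse_user_import_xml($withDtd);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The DOCTYPE check runs after parsing so that it also covers documents in encodings a raw string search would miss.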