CVE-2021-35414

Name of the Vulnerable Software and Affected Versions: Chamilo LMS version v1.11.x

Description: The issue is related to a SQL injection via the doc parameter in the main/plagiarism/compilatio/upload.php file. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations: For Chamilo LMS version v1.11.x, consider disabling access to the upload.php file in the main/plagiarism/compilatio directory until a patch is available. Avoid using the doc parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.