CVE-2026-30881 | Chamilo LMS up to 1.11.35 AJAX Endpoint Database::escape_string sql injection

Inserito da Angelo Barbosa | Mar 16, 2026 | CVE

A vulnerability was found in Chamilo LMS up to 1.11.35. It has been rated as critical. Impacted is the function Database::escape_string of the component AJAX Endpoint. The manipulation leads to sql injection.

This vulnerability is listed as CVE-2026-30881. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is advised.

CVE-2026-30881 | Chamilo LMS up to 1.11.35 AJAX Endpoint Database::escape_string sql injection

Post correlati

CVE-2025-22711 | Thomas Maier Image Source Control Plugin up to 2.29.0 on WordPress cross site scripting

CVE-2025-59903 | Kubysoft SVG Image cross site scripting

CVE-2025-63711 | SourceCodester Client Database Management System 1.0 user_id cross-site request forgery

CVE-2024-6253 | itsourcecode Online Food Ordering System 1.0 /purchase.php customer sql injection