{"vulnerability": "CVE-2021-3541", "sightings": [{"uuid": "16ae4c63-ce88-448c-8a39-c120e24747db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35413", "type": "seen", "source": "https://t.me/cibsecurity/33347", "content": "\u203c CVE-2021-35413 \u203c\n\nA remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-04T00:38:14.000000Z"}, {"uuid": "fd56c77d-9310-4237-ba6f-a18278704c91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35414", "type": "seen", "source": "https://t.me/cibsecurity/33346", "content": "\u203c CVE-2021-35414 \u203c\n\nChamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-04T00:38:13.000000Z"}, {"uuid": "f1d11825-13f1-4bf2-a18f-8bdee043dec9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35415", "type": "seen", "source": "https://t.me/cibsecurity/33344", "content": "\u203c CVE-2021-35415 \u203c\n\nA stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course \"Title\" and \"Content\" fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-04T00:38:11.000000Z"}]}