Vulnerability Information
Vulnerability Title
Chamilo LMS has Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2)
Vulnerability Description
Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL injection vulnerability in the statistics AJAX endpoint that results from an incomplete fix for CVE-2026-30881. CVE-2026-30881 was patched by applying Security::remove_XSS() to the date_start and date_end parameters in the get_user_registration_by_month action, but the same parameters remain unsanitized in the users_active action of the same file (public/main/inc/ajax/statistics.ajax.php), where they are interpolated directly into a SQL query. An authenticated admin can exploit this to perform time-based blind SQL injection and extract arbitrary data from the database. This issue has been fixed in version 2.0.0.
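The pattern the description above names, as an added example that is not Chamilo's code: a date-range statistics query with date_start and date_end interpolated into the SQL string, beside a version that validates the dates and binds them as parameters. It runs on an in-memory SQLite database; the table names login_log and app_secret and their rows are constructed for the illustration and are not Chamilo's schema. SQLite has no SLEEP(), so the extraction loop uses the row count as a boolean oracle instead of response time; the inference is otherwise the same as the time-based technique the advisory describes. Note that Security::remove_XSS() is an HTML/XSS filter; the hardened variant here relies on input validation plus bound parameters, which is the remedy for string interpolation regardless of any output filter.

```python
"""Added example (not Chamilo code): interpolated vs. parameterised date-range
query on SQLite. Table/column names are constructed for illustration."""
import sqlite3
from datetime import datetime


def build_db():
    """Constructed sample data: three users with login dates, plus a table
    that stands in for any data an attacker should not be able to read."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE login_log (user_id INTEGER, login_date TEXT)")
    conn.executemany(
        "INSERT INTO login_log VALUES (?, ?)",
        [(1, "2024-01-05"), (2, "2024-01-20"), (3, "2024-03-02")],
    )
    conn.execute("CREATE TABLE app_secret (value TEXT)")
    conn.execute("INSERT INTO app_secret VALUES ('s3cret')")
    return conn


def active_users_vulnerable(conn, date_start, date_end):
    """Request parameters dropped straight into the statement string,
    the shape of defect the advisory describes."""
    sql = (
        "SELECT COUNT(DISTINCT user_id) FROM login_log "
        f"WHERE login_date BETWEEN '{date_start}' AND '{date_end}'"
    )
    return conn.execute(sql).fetchone()[0]


def active_users_safe(conn, date_start, date_end):
    """Reject anything that is not a YYYY-MM-DD date, then bind the values
    as parameters so they can never alter the statement's structure."""
    for value in (date_start, date_end):
        datetime.strptime(value, "%Y-%m-%d")  # raises ValueError on junk
    sql = (
        "SELECT COUNT(DISTINCT user_id) FROM login_log "
        "WHERE login_date BETWEEN ? AND ?"
    )
    return conn.execute(sql, (date_start, date_end)).fetchone()[0]


def safe_rejects(conn, date_end):
    """True if the hardened function refuses the given date_end value."""
    try:
        active_users_safe(conn, "2024-01-01", date_end)
    except ValueError:
        return True
    return False


def blind_extract(conn, max_len=16):
    """Boolean-blind extraction through the vulnerable function: append
    AND (SELECT substr(value,pos,1) FROM app_secret)='c' to date_end; the
    count equals the honest baseline only when the guessed character is right.
    Stops when no character in the alphabet matches (end of the value)."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    baseline = active_users_vulnerable(conn, "2024-01-01", "2024-01-31")
    found = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            payload = (
                "2024-01-31' AND (SELECT substr(value,%d,1) FROM app_secret)='%s"
                % (pos, ch)
            )
            if active_users_vulnerable(conn, "2024-01-01", payload) == baseline:
                found += ch
                break
        else:
            return found
    return found


if __name__ == "__main__":
    db = build_db()
    print("honest:", active_users_vulnerable(db, "2024-01-01", "2024-01-31"))
    print("tampered:", active_users_vulnerable(db, "2024-01-01", "2024-01-31' OR '1'='1"))
    print("safe rejects tampered input:", safe_rejects(db, "2024-01-31' OR '1'='1"))
    print("extracted via blind oracle:", blind_extract(db))
```

The tampered call turns `BETWEEN '2024-01-01' AND '2024-01-31'` into `... OR '1'='1'`, which returns every user instead of the two active in January; the same payload is rejected by the hardened function before it reaches the database, and even without the date check a bound parameter would be compared as a literal string rather than parsed as SQL.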
CVSS Information
N/A
Vulnerability Type
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Vulnerability Title
Chamilo SQL Injection Vulnerability
Vulnerability Description
Chamilo is an open-source learning management system developed by Chamilo. Chamilo version 2.0.0-RC.2 contains a SQL injection vulnerability in the statistics AJAX endpoint, which could allow an authenticated administrator to perform time-based blind SQL injection and extract arbitrary data from the database.
CVSS Information
N/A
Vulnerability Type
N/A