Chamilo LMS SQL Injection Vulnerability in Course Copy Feature

Vulnerability

A SQL injection vulnerability has been identified in Chamilo LMS versions prior to 1.11.30. The issue arises from inadequate validation of user-supplied data in POST requests to the 'copy_course_session_selected.php' file. This vulnerability allows authenticated users with at least trainer privileges to inject arbitrary SQL statements, potentially altering database query logic and leading to unauthorized data access or manipulation.

Impact

Exploitation of this vulnerability allows for error-based SQL injection, where an attacker can manipulate SQL queries to extract information from the database, such as the DBMS version, or potentially modify database contents.

Reproduction

To reproduce this vulnerability, an authenticated user with trainer privileges must send a POST request to '/main/coursecopy/copy_course_session_selected.php' with injected SQL in the 'resource[document]' parameter. The injection can be verified by causing a SQL error that reveals database information, such as the version number.
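The root cause described in the Vulnerability and Reproduction sections is that values arriving in the `resource[document]` array reach the SQL text without validation, and an error-based injection works only because the resulting DBMS error is shown back to the requester. The following Python snippet is an added illustration, not Chamilo's code: it models the vulnerable pattern beside a hardened handler on a constructed in-memory SQLite table (the `document` table, its columns and the sample rows are assumptions for the example, not Chamilo's schema), so the difference between concatenating the values and validating-then-binding them can be run and compared offline.

```python
import re
import sqlite3

# Constructed sample data standing in for a course's document records.
# Table name, columns and rows are assumptions for this example only.
SAMPLE_DOCUMENTS = [(1, "syllabus.pdf"), (2, "week1.pptx"), (3, "exam.docx")]


def make_db():
    """Create the constructed in-memory table the examples query against."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE document (id INTEGER PRIMARY KEY, path TEXT)")
    conn.executemany("INSERT INTO document VALUES (?, ?)", SAMPLE_DOCUMENTS)
    return conn


def build_query_unsafe(selected):
    """Vulnerable pattern: the POST array is joined straight into the SQL text,
    so any element that is not a plain integer changes the statement itself."""
    return (
        "SELECT id, path FROM document WHERE id IN ("
        + ",".join(selected)
        + ") ORDER BY id"
    )


def run_unsafe(conn, selected):
    """Executes the vulnerable query and, like a debug-mode error page, hands
    the raw DBMS error text back to the caller instead of a generic message.
    That leaked text is exactly what an error-based injection feeds on."""
    try:
        return ("rows", conn.execute(build_query_unsafe(selected)).fetchall())
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))


def validate_ids(selected):
    """Hardened input check: resource[document] must be an array whose every
    element is a positive decimal integer; anything else is rejected before
    it can reach the database layer at all."""
    if not isinstance(selected, list):
        raise ValueError("resource[document] must be an array")
    ids = []
    for value in selected:
        if not isinstance(value, str) or not re.fullmatch(r"[1-9][0-9]{0,9}", value):
            raise ValueError(f"invalid document id: {value!r}")
        ids.append(int(value))
    return ids


def select_documents_safe(conn, selected):
    """Hardened query: validated integers are bound through placeholders, so
    the SQL text is fixed and request data is only ever compared as values."""
    ids = validate_ids(selected)
    if not ids:
        return []
    # The placeholder list is built from literal '?' marks, never from input.
    placeholders = ",".join("?" * len(ids))
    return conn.execute(
        f"SELECT id, path FROM document WHERE id IN ({placeholders}) ORDER BY id",
        ids,
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("safe:", select_documents_safe(db, ["1", "3"]))
    print("unsafe with malformed value:", run_unsafe(db, ["1'"]))
    try:
        select_documents_safe(db, ["1'"])
    except ValueError as err:
        print("hardened handler rejected it:", err)
```

Two defensive points follow from running it. Validation alone is not the fix: the hardened path also binds the values, so a future change that loosens the regex cannot turn back into string concatenation. And the unsafe path's `("error", ...)` tuple shows why production deployments should log DBMS errors server-side and return only a generic message to the user, which removes the feedback channel that error-based injection relies on even where a query is still vulnerable.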

Remediation

Users should update to Chamilo LMS version 1.11.30 or later, where this vulnerability has been patched.

Added: Mar 2, 2026, 3:30 PM
Updated: Mar 2, 2026, 10:04 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 3.1
exploitability: 6.4
remediation: 7.7
relevance: 3.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.