CVE-2023-39582: 
Chamilo vulnerability analysis and mitigation

SQL Injection vulnerability in Chamilo LMS versions 1.11 through 1.11.20 affects the import sessions functions. This vulnerability allows remote privileged attackers to obtain sensitive information from the system (NVD). The vulnerability was discovered and disclosed on July 18, 2023, and was assigned CVE-2023-39582.

The vulnerability has been classified as a SQL Injection (CWE-89) with a CVSS v3.1 Base Score of 4.9 (MEDIUM). The attack vector is Network-based (AV:N), with Low attack complexity (AC:L), requiring High privileges (PR:H), and No user interaction (UI:N). The scope is Unchanged (S:U), with High confidentiality impact (C:H), but No impact on integrity (I:N) or availability (A:N) (NVD).

The vulnerability allows privileged attackers to access and extract sensitive information from the database through the import sessions functionality. The impact is primarily focused on data confidentiality, with no direct impact on system integrity or availability (NVD).

The vulnerability affects Chamilo LMS versions from 1.11 through 1.11.20. Users should upgrade to a patched version of the software to mitigate this vulnerability (NVD, Chamilo Advisory).