Filtered by vendor Chamilo
Filtered by product Chamilo Lms
Total: 52 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-4225 | 1 Chamilo | 2 Chamilo, Chamilo Lms | 2025-06-05 | 8.8 High |
Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | ||||
CVE-2024-30617 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 5.4 Medium |
A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php" allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge. | ||||
CVE-2024-30618 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 6.1 Medium |
A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'. | ||||
CVE-2024-30619 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 7.5 High |
Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via "/main/inc/ajax/message.ajax.php?a=get_count_message" and "/main/inc/ajax/online.ajax.php?a=get_users_online". | ||||
CVE-2024-30616 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 8.8 High |
Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profile information, posing a significant risk to data integrity. | ||||
CVE-2024-27525 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 4.6 Medium |
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. | ||||
CVE-2025-26153 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 5.4 Medium |
A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message. | ||||
CVE-2024-51142 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 6.1 Medium |
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file. | ||||
CVE-2024-27524 | 1 Chamilo | 1 Chamilo Lms | 2025-04-17 | 7.1 High |
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component. | ||||
CVE-2013-6787 | 1 Chamilo | 1 Chamilo Lms | 2025-04-11 | N/A |
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter. | ||||
CVE-2023-31799 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 4.8 Medium |
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system announcements parameter. | ||||
CVE-2023-31803 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 4.8 Medium |
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters. | ||||
CVE-2023-31802 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 5.4 Medium |
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters. | ||||
CVE-2023-31801 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 6.1 Medium |
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter. | ||||
CVE-2023-31800 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 5.4 Medium |
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter. | ||||
CVE-2023-31807 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 5.4 Medium |
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function. | ||||
CVE-2023-31806 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 5.4 Medium |
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. | ||||
CVE-2023-31805 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 4.8 Medium |
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function. | ||||
CVE-2023-31804 | 1 Chamilo | 1 Chamilo Lms | 2025-01-28 | 5.4 Medium |
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters. | ||||
CVE-2023-34961 | 1 Chamilo | 1 Chamilo Lms | 2025-01-06 | 6.1 Medium |
Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field. |