Filtered by vendor Chamilo
Subscriptions
Total
78 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4225 | 1 Chamilo | 2 Chamilo, Chamilo Lms | 2025-06-05 | 8.8 High |
| Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | ||||
| CVE-2023-3368 | 1 Chamilo | 1 Chamilo | 2025-06-03 | 9.8 Critical |
| Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960. | ||||
| CVE-2022-40407 | 1 Chamilo | 1 Chamilo | 2025-05-20 | 8.8 High |
| A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file. | ||||
| CVE-2022-42029 | 1 Chamilo | 1 Chamilo | 2025-05-14 | 8.8 High |
| Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory. | ||||
| CVE-2024-30617 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 5.4 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge. | ||||
| CVE-2024-30618 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 6.1 Medium |
| A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'. | ||||
| CVE-2024-30619 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 7.5 High |
| Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via "/main/inc/ajax/message.ajax.php?a=get_count_message" AND "/main/inc/ajax/online.ajax.php?a=get_users_online." | ||||
| CVE-2024-30616 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 8.8 High |
| Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profiles information, posing a significant risk to data integrity. | ||||
| CVE-2024-27525 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 4.6 Medium |
| Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. | ||||
| CVE-2025-26153 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 5.4 Medium |
| A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message. | ||||
| CVE-2024-51142 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 6.1 Medium |
| Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file. | ||||
| CVE-2024-27524 | 1 Chamilo | 1 Chamilo Lms | 2025-04-17 | 7.1 High |
| Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component. | ||||
| CVE-2013-6787 | 1 Chamilo | 1 Chamilo Lms | 2025-04-11 | N/A |
| SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter. | ||||
| CVE-2023-31799 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter. | ||||
| CVE-2023-31803 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters. | ||||
| CVE-2023-31802 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 5.4 Medium |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters. | ||||
| CVE-2023-31801 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 6.1 Medium |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter. | ||||
| CVE-2023-31800 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 5.4 Medium |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter. | ||||
| CVE-2023-31807 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 5.4 Medium |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function. | ||||
| CVE-2023-31806 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 5.4 Medium |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. | ||||