Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chamilo chamilo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-6787
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and previous versions, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "...
Chamilo Chamilo Lms 1.8.8.4
Chamilo Chamilo Lms 1.8.8.2
Chamilo Chamilo Lms 1.8.7.1
Chamilo Chamilo Lms 1.8.7
Chamilo Chamilo Lms
Chamilo Chamilo Lms 1.9.4
Chamilo Chamilo Lms 1.9.0
Chamilo Chamilo Lms 1.9.2
Chamilo Chamilo Lms 1.8.8.6
Chamilo Chamilo Lms 1.8.6.2
1 EDB exploit
9.8
CVSSv3
CVE-2018-1999019
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request...
Chamilo Chamilo Lms 1.11.0
Chamilo Chamilo Lms 1.11.6
Chamilo Chamilo Lms 1.11.8
Chamilo Chamilo Lms 1.11.4
Chamilo Chamilo Lms 1.11.2
3.5
CVSSv3
CVE-2023-39061
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged malicious user to execute arbitrary code.
Chamilo Chamilo
9.8
CVSSv3
CVE-2023-34960
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows malicious users to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
Chamilo Chamilo
1 Metasploit module
8 Github repositories
6.1
CVSSv3
CVE-2012-4029
Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS prior to 1.8.8.6 allows remote malicious users to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action.
Chamilo Chamilo
7.2
CVSSv3
CVE-2021-31933
A remote code execution vulnerability exists in Chamilo up to and including 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is ...
Chamilo Chamilo
6.1
CVSSv3
CVE-2022-27425
Chamilo LMS v1.11.13 exists to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php.
Chamilo Chamilo
9.8
CVSSv3
CVE-2021-34187
main/inc/ajax/model.ajax.php in Chamilo up to and including 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.
Chamilo Chamilo
9.8
CVSSv3
CVE-2023-3545
Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated malicious users to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This ...
Chamilo Chamilo
9.8
CVSSv3
CVE-2023-3533
Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated malicious users to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write.
Chamilo Chamilo
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »