Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chamilo vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2013-6787
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and previous versions, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "...
Chamilo Chamilo Lms 1.8.8.4
Chamilo Chamilo Lms 1.8.8.2
Chamilo Chamilo Lms 1.8.7.1
Chamilo Chamilo Lms 1.8.7
Chamilo Chamilo Lms
Chamilo Chamilo Lms 1.9.4
Chamilo Chamilo Lms 1.9.0
Chamilo Chamilo Lms 1.9.2
Chamilo Chamilo Lms 1.8.8.6
Chamilo Chamilo Lms 1.8.6.2
1 EDB exploit
668
VMScore
CVE-2018-1999019
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request...
Chamilo Chamilo Lms 1.11.0
Chamilo Chamilo Lms 1.11.6
Chamilo Chamilo Lms 1.11.8
Chamilo Chamilo Lms 1.11.4
Chamilo Chamilo Lms 1.11.2
NA
CVE-2023-3533
Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated malicious users to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write.
Chamilo Chamilo
NA
CVE-2023-3368
Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated malicious users to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.
Chamilo Chamilo
383
VMScore
CVE-2012-4029
Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS prior to 1.8.8.6 allows remote malicious users to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action.
Chamilo Chamilo
NA
CVE-2023-39061
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged malicious user to execute arbitrary code.
Chamilo Chamilo
NA
CVE-2023-37061
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section.
Chamilo Chamilo
NA
CVE-2023-37062
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition.
Chamilo Chamilo
NA
CVE-2023-37063
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section.
Chamilo Chamilo
NA
CVE-2023-37064
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.
Chamilo Chamilo
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »