Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chamilo chamilo vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-4221
Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
Chamilo Chamilo Lms
8.8
CVSSv3
CVE-2023-4223
Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Chamilo Chamilo Lms
8.8
CVSSv3
CVE-2023-4224
Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Chamilo Chamilo Lms
8.8
CVSSv3
CVE-2023-4225
Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Chamilo Chamilo Lms
8.8
CVSSv3
CVE-2023-4226
Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Chamilo Chamilo Lms
8.8
CVSSv3
CVE-2023-4222
Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
Chamilo Chamilo Lms
8.8
CVSSv3
CVE-2022-42029
Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.
Chamilo Chamilo 1.11.16
8.8
CVSSv3
CVE-2022-40407
A zip slip vulnerability in the file upload function of Chamilo v1.11 allows malicious users to execute arbitrary code via a crafted Zip file.
Chamilo Chamilo 1.11
8.8
CVSSv3
CVE-2022-27426
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows malicious users to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.
Chamilo Chamilo Lms
8.8
CVSSv3
CVE-2021-40662
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows malicious users to execute arbitrary commands on victim hosts via user interaction with a crafted URL.
Chamilo Chamilo 1.11.14
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »