Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chamilo chamilo vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2021-31933
A remote code execution vulnerability exists in Chamilo up to and including 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is ...
Chamilo Chamilo
570
VMScore
CVE-2012-4030
Chamilo prior to 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote malicious users to delete arbitrary files.
Chamilo Chamilo Lms
534
VMScore
CVE-2021-35413
A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated malicious users to execute arbitrary code via a crafted .htaccess file.
Chamilo Chamilo Lms
516
VMScore
CVE-2015-9540
Chamilo LMS up to and including 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.
Chamilo Chamilo Lms
516
VMScore
CVE-2015-5503
Open redirect vulnerability in the Chamilo integration module 7.x-1.x prior to 7.x-1.2 for Drupal allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.
Chamilo Integration Project Chamilo Integration 7.x-1.0
Chamilo Integration Project Chamilo Integration 7.x-1.1
490
VMScore
CVE-2021-32925
admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.
Chamilo Chamilo
490
VMScore
CVE-2018-20329
Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.
Chamilo Chamilo Lms 1.11.8
409
VMScore
CVE-2021-38745
Chamilo LMS v1.11.14 exists to contain a zero click code injection vulnerability which allows malicious users to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.
Chamilo Chamilo 1.11.14
383
VMScore
CVE-2022-27422
A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows malicious users to execute arbitrary web scripts or HTML via user interaction with a crafted URL.
Chamilo Chamilo Lms
383
VMScore
CVE-2022-27425
Chamilo LMS v1.11.13 exists to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php.
Chamilo Chamilo
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »