Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chamilo chamilo lms vulnerabilities and exploits
(subscribe to this query)
534
VMScore
CVE-2021-35413
A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated malicious users to execute arbitrary code via a crafted .htaccess file.
Chamilo Chamilo Lms
668
VMScore
CVE-2021-35414
Chamilo LMS v1.11.x exists to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.
Chamilo Chamilo Lms
312
VMScore
CVE-2021-35415
A stored cross-site scripting (XSS) vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields.
Chamilo Chamilo Lms
NA
CVE-2023-34961
Chamilo v1.11.x up to v1.11.18 exists to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.
Chamilo Chamilo Lms
NA
CVE-2023-34944
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows malicious users to execute arbitrary code via uploading a crafted SVG file.
Chamilo Chamilo Lms
NA
CVE-2023-34958
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.
Chamilo Chamilo Lms
NA
CVE-2023-34959
An issue in Chamilo v1.11.* up to v1.11.18 allows malicious users to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
Chamilo Chamilo Lms
NA
CVE-2023-34962
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes.
Chamilo Chamilo Lms
516
VMScore
CVE-2015-9540
Chamilo LMS up to and including 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.
Chamilo Chamilo Lms
570
VMScore
CVE-2012-4030
Chamilo prior to 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote malicious users to delete arbitrary files.
Chamilo Chamilo Lms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »