Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chamilo lms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-1000015
Chamilo Chamilo-lms version 1.11.8 and previous versions contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to ...
Chamilo Chamilo Lms
6.5
CVSSv3
CVE-2019-1000017
Chamilo Chamilo-lms version 1.11.8 and previous versions contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be expl...
Chamilo Chamilo Lms
7.5
CVSSv3
CVE-2012-4030
Chamilo prior to 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote malicious users to delete arbitrary files.
Chamilo Chamilo Lms
9.8
CVSSv3
CVE-2021-35414
Chamilo LMS v1.11.x exists to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.
Chamilo Chamilo Lms
6.1
CVSSv3
CVE-2021-37390
A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).
Chamilo Chamilo Lms
5.4
CVSSv3
CVE-2021-37391
A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerabil...
Chamilo Chamilo Lms
8.8
CVSSv3
CVE-2021-35413
A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated malicious users to execute arbitrary code via a crafted .htaccess file.
Chamilo Chamilo Lms
4.8
CVSSv3
CVE-2021-35415
A stored cross-site scripting (XSS) vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields.
Chamilo Chamilo Lms
4.8
CVSSv3
CVE-2023-31799
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local malicious user to execute arbitrary code via the system annnouncements parameter.
Chamilo Chamilo Lms 1.11.18
5.4
CVSSv3
CVE-2023-31800
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local malicious user to execute arbitrary code via the forum title parameter.
Chamilo Chamilo Lms 1.11.18
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »