Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chamilo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-42029
Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.
Chamilo Chamilo 1.11.16
4
CVSSv2
CVE-2019-1000017
Chamilo Chamilo-lms version 1.11.8 and previous versions contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be expl...
Chamilo Chamilo Lms
4.3
CVSSv2
CVE-2021-37390
A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).
Chamilo Chamilo Lms
3.5
CVSSv2
CVE-2021-35415
A stored cross-site scripting (XSS) vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields.
Chamilo Chamilo Lms
4.3
CVSSv2
CVE-2021-26746
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.
Chamilo Chamilo 1.11.14
NA
CVE-2023-34958
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.
Chamilo Chamilo Lms
NA
CVE-2023-34959
An issue in Chamilo v1.11.* up to v1.11.18 allows malicious users to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
Chamilo Chamilo Lms
NA
CVE-2023-34961
Chamilo v1.11.x up to v1.11.18 exists to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.
Chamilo Chamilo Lms
NA
CVE-2023-34944
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows malicious users to execute arbitrary code via uploading a crafted SVG file.
Chamilo Chamilo Lms
NA
CVE-2023-34962
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes.
Chamilo Chamilo Lms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »