Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chamilo chamilo lms vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2018-20329
Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.
Chamilo Chamilo Lms 1.11.8
6.1
CVSSv3
CVE-2020-23126
Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends.
Chamilo Chamilo Lms 1.11.10
8.8
CVSSv3
CVE-2020-23127
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
Chamilo Chamilo Lms 1.11.10
4.9
CVSSv3
CVE-2020-23128
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege.
Chamilo Chamilo Lms 1.11.10
5.4
CVSSv3
CVE-2018-20328
Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of th...
Chamilo Chamilo Lms 1.11.8
4.8
CVSSv3
CVE-2023-31799
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local malicious user to execute arbitrary code via the system annnouncements parameter.
Chamilo Chamilo Lms 1.11.18
5.4
CVSSv3
CVE-2023-31800
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local malicious user to execute arbitrary code via the forum title parameter.
Chamilo Chamilo Lms 1.11.18
6.1
CVSSv3
CVE-2023-31801
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local malicious user to execute arbitrary code via the skills wheel parameter.
Chamilo Chamilo Lms 1.11.18
5.4
CVSSv3
CVE-2023-31802
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local malicious user to execute arbitrary code via the skype and linedin_url parameters.
Chamilo Chamilo Lms 1.11.18
4.8
CVSSv3
CVE-2023-31803
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local malicious user to execute arbitrary code via the resource sequencing parameters.
Chamilo Chamilo Lms 1.11.18
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »