Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chamilo chamilo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated malicious users to perform stored cross-site scripting attacks and obtain remote code execution via uploading o...
Chamilo Chamilo Lms
NA
CVE-2023-4221
Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
Chamilo Chamilo Lms
NA
CVE-2023-4222
Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
Chamilo Chamilo Lms
NA
CVE-2023-4223
Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Chamilo Chamilo Lms
NA
CVE-2023-4224
Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Chamilo Chamilo Lms
NA
CVE-2023-4225
Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Chamilo Chamilo Lms
NA
CVE-2023-4226
Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Chamilo Chamilo Lms
4.3
CVSSv2
CVE-2019-1000015
Chamilo Chamilo-lms version 1.11.8 and previous versions contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to ...
Chamilo Chamilo Lms
4
CVSSv2
CVE-2019-1000017
Chamilo Chamilo-lms version 1.11.8 and previous versions contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be expl...
Chamilo Chamilo Lms
4.3
CVSSv2
CVE-2013-0738
Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php.
Chamilo Chamilo 1.9.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »