Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chamilo chamilo lms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-6787
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and previous versions, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "...
Chamilo Chamilo Lms 1.8.8.4
Chamilo Chamilo Lms 1.8.8.2
Chamilo Chamilo Lms 1.8.7.1
Chamilo Chamilo Lms 1.8.7
Chamilo Chamilo Lms
Chamilo Chamilo Lms 1.9.4
Chamilo Chamilo Lms 1.9.0
Chamilo Chamilo Lms 1.9.2
Chamilo Chamilo Lms 1.8.8.6
Chamilo Chamilo Lms 1.8.6.2
1 EDB exploit
9.8
CVSSv3
CVE-2018-1999019
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request...
Chamilo Chamilo Lms 1.11.0
Chamilo Chamilo Lms 1.11.6
Chamilo Chamilo Lms 1.11.8
Chamilo Chamilo Lms 1.11.4
Chamilo Chamilo Lms 1.11.2
6.1
CVSSv3
CVE-2019-1000015
Chamilo Chamilo-lms version 1.11.8 and previous versions contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to ...
Chamilo Chamilo Lms
9.8
CVSSv3
CVE-2021-35414
Chamilo LMS v1.11.x exists to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.
Chamilo Chamilo Lms
6.1
CVSSv3
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated malicious users to perform stored cross-site scripting attacks and obtain remote code execution via uploading o...
Chamilo Chamilo Lms
8.8
CVSSv3
CVE-2023-4221
Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
Chamilo Chamilo Lms
8.8
CVSSv3
CVE-2023-4222
Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
Chamilo Chamilo Lms
8.8
CVSSv3
CVE-2023-4223
Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Chamilo Chamilo Lms
8.8
CVSSv3
CVE-2023-4224
Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Chamilo Chamilo Lms
8.8
CVSSv3
CVE-2023-4225
Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Chamilo Chamilo Lms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »