Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chamilo vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-35413
A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated malicious users to execute arbitrary code via a crafted .htaccess file.
Chamilo Chamilo Lms
8.8
CVSSv3
CVE-2020-23127
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
Chamilo Chamilo Lms 1.11.10
8.1
CVSSv3
CVE-2023-34962
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes.
Chamilo Chamilo Lms
8.1
CVSSv3
CVE-2018-20329
Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.
Chamilo Chamilo Lms 1.11.8
7.5
CVSSv3
CVE-2012-4030
Chamilo prior to 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote malicious users to delete arbitrary files.
Chamilo Chamilo Lms
7.2
CVSSv3
CVE-2022-27421
Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing malicious users to escalate privileges to Platform Admin.
Chamilo Chamilo Lms
7.2
CVSSv3
CVE-2021-31933
A remote code execution vulnerability exists in Chamilo up to and including 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is ...
Chamilo Chamilo
6.8
CVSSv3
CVE-2021-38745
Chamilo LMS v1.11.14 exists to contain a zero click code injection vulnerability which allows malicious users to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.
Chamilo Chamilo 1.11.14
6.5
CVSSv3
CVE-2021-32925
admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.
Chamilo Chamilo
6.5
CVSSv3
CVE-2019-1000017
Chamilo Chamilo-lms version 1.11.8 and previous versions contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be expl...
Chamilo Chamilo Lms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »