Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chamilo vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-27423
Chamilo LMS v1.11.13 exists to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.
Chamilo Chamilo Lms
7.5
CVSSv2
CVE-2021-35414
Chamilo LMS v1.11.x exists to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.
Chamilo Chamilo Lms
7.5
CVSSv2
CVE-2021-34187
main/inc/ajax/model.ajax.php in Chamilo up to and including 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.
Chamilo Chamilo
7.5
CVSSv2
CVE-2019-13082
Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php ...
Chamilo Chamilo Lms 1.11.8
7.5
CVSSv2
CVE-2018-1999019
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request...
Chamilo Chamilo Lms 1.11.0
Chamilo Chamilo Lms 1.11.6
Chamilo Chamilo Lms 1.11.8
Chamilo Chamilo Lms 1.11.4
Chamilo Chamilo Lms 1.11.2
6.8
CVSSv2
CVE-2021-40662
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows malicious users to execute arbitrary commands on victim hosts via user interaction with a crafted URL.
Chamilo Chamilo 1.11.14
1 Github repository
6.8
CVSSv2
CVE-2020-23127
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
Chamilo Chamilo Lms 1.11.10
6.5
CVSSv2
CVE-2022-27426
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows malicious users to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.
Chamilo Chamilo Lms
6.5
CVSSv2
CVE-2022-27421
Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing malicious users to escalate privileges to Platform Admin.
Chamilo Chamilo Lms
6.5
CVSSv2
CVE-2021-31933
A remote code execution vulnerability exists in Chamilo up to and including 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is ...
Chamilo Chamilo
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »