Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chamilo vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2013-6787
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and previous versions, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "...
Chamilo Chamilo Lms 1.8.8.4
Chamilo Chamilo Lms 1.8.8.2
Chamilo Chamilo Lms 1.8.7.1
Chamilo Chamilo Lms 1.8.7
Chamilo Chamilo Lms
Chamilo Chamilo Lms 1.9.4
Chamilo Chamilo Lms 1.9.0
Chamilo Chamilo Lms 1.9.2
Chamilo Chamilo Lms 1.8.8.6
Chamilo Chamilo Lms 1.8.6.2
1 EDB exploit
668
VMScore
CVE-2018-1999019
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request...
Chamilo Chamilo Lms 1.11.0
Chamilo Chamilo Lms 1.11.6
Chamilo Chamilo Lms 1.11.8
Chamilo Chamilo Lms 1.11.4
Chamilo Chamilo Lms 1.11.2
NA
CVE-2023-34960
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows malicious users to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
Chamilo Chamilo
1 Metasploit module
8 Github repositories
NA
CVE-2023-3545
Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated malicious users to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This ...
Chamilo Chamilo
NA
CVE-2023-3533
Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated malicious users to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write.
Chamilo Chamilo
578
VMScore
CVE-2021-31933
A remote code execution vulnerability exists in Chamilo up to and including 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is ...
Chamilo Chamilo
383
VMScore
CVE-2012-4029
Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS prior to 1.8.8.6 allows remote malicious users to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action.
Chamilo Chamilo
668
VMScore
CVE-2021-34187
main/inc/ajax/model.ajax.php in Chamilo up to and including 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.
Chamilo Chamilo
NA
CVE-2023-3368
Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated malicious users to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.
Chamilo Chamilo
NA
CVE-2023-39061
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged malicious user to execute arbitrary code.
Chamilo Chamilo
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »