Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chamilo chamilo lms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-4226
Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Chamilo Chamilo Lms
6.4
CVSSv2
CVE-2012-4030
Chamilo prior to 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote malicious users to delete arbitrary files.
Chamilo Chamilo Lms
5.8
CVSSv2
CVE-2015-9540
Chamilo LMS up to and including 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.
Chamilo Chamilo Lms
6.5
CVSSv2
CVE-2022-27421
Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing malicious users to escalate privileges to Platform Admin.
Chamilo Chamilo Lms
4.3
CVSSv2
CVE-2022-27422
A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows malicious users to execute arbitrary web scripts or HTML via user interaction with a crafted URL.
Chamilo Chamilo Lms
7.5
CVSSv2
CVE-2022-27423
Chamilo LMS v1.11.13 exists to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.
Chamilo Chamilo Lms
6.5
CVSSv2
CVE-2022-27426
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows malicious users to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.
Chamilo Chamilo Lms
NA
CVE-2023-39582
SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged malicious user to obtain sensitive information via the import sessions functions.
Chamilo Chamilo Lms
3.5
CVSSv2
CVE-2018-20327
Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk&...
Chamilo Chamilo Lms 1.11.8
3.5
CVSSv2
CVE-2018-20328
Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of th...
Chamilo Chamilo Lms 1.11.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »