Skip to main content

Chamilo Lms

102 CVEs product

Monthly

CVE-2026-40291 HIGH PATCH This Week

{id} endpoint to assign themselves ROLE_ADMIN privileges, bypassing intended access controls. The vulnerability stems from inadequate authorization checks that verify only record ownership without restricting modification of security-critical fields. With CVSS 8.8 (High) and low attack complexity requiring only basic authentication, this represents a critical access control failure in educational platforms. No public exploit code or active exploitation (CISA KEV) identified at time of analysis, though the straightforward attack vector makes exploitation trivial for malicious insiders.

Privilege Escalation Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-34602 HIGH PATCH This Week

Insecure Direct Object Reference in Chamilo LMS /api/course_rel_users endpoint allows authenticated attackers to enroll arbitrary users into any course without authorization (CVSS 7.1, High Integrity impact). Affects all versions prior to 2.0.0-RC.3. The vulnerability enables authenticated users to manipulate user-course relationships by modifying the user parameter in API requests, bypassing enrollment controls entirely. No public exploit code identified at time of analysis, though the attack v

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-34370 MEDIUM PATCH This Month

Chamilo LMS versions prior to 2.0.0-RC.3 allow authenticated students to read private course notes of any other user via an Insecure Direct Object Reference (IDOR) vulnerability in the notebook module's editnote action. An attacker can manipulate the notebook_id parameter to bypass ownership checks in the read path (get_note_information()), exposing note titles and HTML body content despite write-path protections existing in updateNote() and delete_note(). The vulnerability requires valid student credentials but impacts confidentiality of sensitive educational materials across the platform.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34161 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Chamilo LMS versions prior to 2.0.0-RC.3 allows authenticated users to upload malicious HTML files containing JavaScript via the social post attachment API endpoint. The uploaded files are served without sanitization, content-type restrictions, or proper content-disposition headers, causing embedded JavaScript to execute in the browser within the application's trusted origin. This enables session hijacking, account takeover, and privilege escalation attacks, particularly when an administrator views a malicious link. The vulnerability is confirmed fixed in version 2.0.0-RC.3.

Privilege Escalation XSS Chamilo Lms
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-33737 MEDIUM PATCH This Month

Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 allow authenticated attackers to read arbitrary server files through XML External Entity (XXE) injection via improper use of simplexml_load_string() with the LIBXML_NOENT flag enabled across multiple application files. The vulnerability requires low-privilege authentication and medium attack complexity but grants high confidentiality impact with no integrity or availability impact; no public exploit code or active exploitation has been identified at the time of analysis.

XXE Chamilo Lms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33736 MEDIUM PATCH This Month

Chamilo LMS versions prior to 2.0.0-RC.3 allow authenticated students and lower-privileged users to enumerate all platform users and extract sensitive personal information (email addresses, phone numbers, role assignments) through an unauthenticated API endpoint (GET /api/users), enabling reconnaissance of administrator accounts and organizational structure. The vulnerability affects any installation with user accounts below administrative level and is fixed in version 2.0.0-RC.3.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33710 HIGH PATCH This Week

Predictable API key generation in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 allows unauthenticated remote attackers to brute-force valid REST API keys. The md5-based generation algorithm uses a flawed random seed (rand(10000,10000) always returns 10000), reducing the keyspace to md5(timestamp + user_id*5 - 10000). Attackers with knowledge of target usernames and approximate key creation timestamps can enumerate valid API keys through offline computation, enabling unauthorized access to REST API endpoints and confidential data exposure. No public exploit identified at time of analysis.

Information Disclosure Chamilo Lms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33708 MEDIUM PATCH This Month

Chamilo LMS REST API endpoint get_user_info_from_username fails to authorize requests, exposing personal information (email, names, user ID, active status) to any authenticated user regardless of role prior to version 1.11.38. An attacker with valid login credentials, including a student account, can enumerate and retrieve sensitive user data for any account in the system.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33707 CRITICAL PATCH Act Now

Unauthenticated password reset takeover in Chamilo LMS 1.11.x (prior to 1.11.38) and 2.0.0-RC versions (prior to RC.3) allows remote attackers to hijack arbitrary user accounts by computing deterministic reset tokens. The vulnerability stems from insecure token generation using sha1($email) without randomization, expiration, or rate limiting. Attackers knowing a target's email address can directly calculate valid password reset tokens and change account credentials without prior authentication, enabling full account takeover with high confidentiality and integrity impact. No public exploit identified at time of analysis.

Information Disclosure Chamilo Lms
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2026-33706 HIGH PATCH This Week

Privilege escalation in Chamilo LMS versions prior to 1.11.38 allows any authenticated user with a REST API key to elevate their account status from student (status=5) to teacher/course manager (status=1) by manipulating the status field through the update_user_from_username REST API endpoint. This enables unauthorized course creation and management capabilities. Authentication is required (PR:L), but once exploited, attackers gain high-integrity administrative functions within the learning management system. No public exploit identified at time of analysis.

Privilege Escalation Chamilo Lms
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-33705 MEDIUM PATCH This Month

Chamilo LMS versions prior to 1.11.38 expose Twig template files (.tpl) in the /main/template/default/ directory to unauthenticated HTTP GET requests, allowing remote attackers to disclose internal application logic, variable names, AJAX endpoint URLs, and admin panel structure without authentication. This information disclosure vulnerability has a CVSS score of 5.3 with confirmed patch availability in version 1.11.38.

Information Disclosure Chamilo Lms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33703 HIGH PATCH This Week

{userId} endpoint. Attack requires only low-privilege authentication (PR:L) and no user interaction, enabling mass disclosure of credentials and sensitive information across the entire platform. Affects all Chamilo LMS versions prior to 2.0.0-RC.3. No public exploit identified at time of analysis.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-33141 MEDIUM PATCH This Month

Insecure Direct Object Reference in Chamilo LMS REST API stats endpoint allows authenticated low-privilege users to read unauthorized access to any user's learning progress, certificates, and gradebook scores across all courses prior to version 2.0.0-RC.3. The vulnerability requires only valid user credentials (accessible to students with ROLE_USER) and network access, enabling horizontal privilege escalation without administrative intervention or system compromise. No public exploit code or active exploitation has been identified at time of analysis.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32930 HIGH PATCH This Week

Authenticated teachers in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 can access and modify gradebook evaluation settings across unauthorized courses through Insecure Direct Object Reference in the editeval parameter. Attackers with low-privilege teacher accounts can alter evaluation names, maximum scores, and weights for assessments in courses they do not own, enabling unauthorized data disclosure and integrity compromise. No public exploit identified at time of analysis.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-32894 HIGH PATCH This Week

Authenticated teachers in Chamilo LMS can delete arbitrary student grades platform-wide through Insecure Direct Object Reference in gradebook result views. By manipulating delete_mark or resultdelete GET parameters, attackers bypass course-scope and ownership controls, enabling unauthorized grade deletion across all courses. Versions prior to 1.11.38 and 2.0.0-RC.3 lack server-side validation. No public exploit identified at time of analysis. CVSS 7.1 (High) reflects authenticated access requirement with high integrity impact and low availability impact.

Denial Of Service Null Pointer Dereference Chamilo Lms
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-32893 MEDIUM PATCH This Month

Reflected XSS in Chamilo LMS exercise admin panel allows authenticated teachers to be tricked into executing arbitrary JavaScript via malicious paginated URLs, affecting versions prior to 2.0.0-RC.3. An attacker can craft a weaponized link containing unencoded query parameters that bypass the pagination mechanism's improper output encoding, potentially leading to session hijacking, credential theft, or unauthorized administrative actions within the learning management system. No public exploit code or active exploitation has been identified at time of analysis.

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-31941 HIGH PATCH This Week

Server-Side Request Forgery in Chamilo LMS Social Wall feature enables authenticated attackers to force the server to make arbitrary HTTP requests to internal resources. The read_url_with_open_graph endpoint accepts user-controlled URLs via social_wall_new_msg_main POST parameter without validating internal versus external targets, allowing internal port scanning, access to cloud instance metadata (AWS/GCP/Azure), and reconnaissance of private network services. Affects Chamilo LMS versions before 1.11.38 and 2.0.0-RC.3. Attack requires low-privilege authenticated access; no public exploit identified at time of analysis.

SSRF Chamilo Lms
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-30882 MEDIUM This Month

Chamilo LMS versions 1.11.34 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability in the session category listing page where the keyword parameter is echoed directly into an HTML href attribute without encoding or sanitization. An attacker can inject arbitrary JavaScript by breaking out of the attribute context using a ">" payload, enabling session hijacking, credential theft, or malware distribution to any user who clicks a malicious link. The vulnerability is triggered when pagination controls render for datasets exceeding 20 items, and a patch is available in version 1.11.36.

XSS Chamilo Lms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-30881 HIGH PATCH This Week

Authenticated attackers can exploit SQL injection in Chamilo LMS 1.11.34 and earlier through the statistics AJAX endpoint, where insufficient input sanitization allows bypassing of database escaping mechanisms via the date_start and date_end parameters. This vulnerability enables blind time-based SQL injection attacks to extract or manipulate sensitive data from the underlying database. Version 1.11.36 contains the patch; versions 1.11.35 and earlier remain vulnerable.

SQLi Chamilo Lms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-30876 MEDIUM PATCH This Month

A security vulnerability in Chamilo LMS (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Chamilo Lms
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-30875 HIGH PATCH This Week

An arbitrary file upload vulnerability in Chamilo LMS allows authenticated users with Teacher role to achieve Remote Code Execution by uploading malicious H5P packages. The flaw affects versions prior to 1.11.36 and stems from inadequate validation of H5P package contents, which only checks for h5p.json existence but fails to block .htaccess or PHP files with alternative extensions. With a CVSS score of 8.8 and high exploitation potential, attackers can upload webshells disguised as text files along with .htaccess configurations to bypass security controls.

PHP RCE File Upload Code Injection Chamilo Lms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-28430 CRITICAL PATCH Act Now

Unauthenticated SQL injection in Chamilo LMS versions prior to 1.11.34 enables remote attackers to execute arbitrary database queries through the custom_dates parameter and escalate to full administrative account takeover by exploiting a predictable password reset mechanism. This critical vulnerability exposes the entire database including personally identifiable information and system configurations without requiring any credentials or user interaction. No patch is currently available for affected installations.

SQLi Chamilo Lms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-29041 HIGH This Week

Authenticated arbitrary code execution in Chamilo LMS versions prior to 1.11.34 allows low-privileged users to bypass file upload restrictions through MIME-type spoofing and execute malicious commands on the server. The vulnerability stems from insufficient validation of file extensions and improper storage restrictions, enabling attackers to upload and execute arbitrary files. No patch is currently available for affected deployments.

RCE Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-59544 MEDIUM This Month

Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which allows users to update the category of any user by replacing the "category_id" parameter. [CVSS 4.3 MEDIUM]

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-59543 CRITICAL Act Now

Second stored XSS in Chamilo LMS before 1.11.34.

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-59542 CRITICAL Act Now

Stored XSS in Chamilo LMS before 1.11.34.

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-59541 HIGH This Week

Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent. [CVSS 8.1 HIGH]

CSRF Chamilo Lms
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-59540 MEDIUM This Month

Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of higher-privileged admin users. [CVSS 5.4 MEDIUM]

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-55289 HIGH This Week

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored XSS vulnerability in Chamilo LMS (Verison 1.11.32) allows an attacker to inject arbitrary JavaScript into the platform’s social network and internal messaging features. [CVSS 8.8 HIGH]

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-55208 CRITICAL Act Now

Stored XSS in Chamilo LMS before 1.11.34 via file uploads in Social Networks. Leads to account takeover.

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-52998 CRITICAL PATCH Act Now

Chamilo LMS prior to 1.11.30 has an insecure deserialization vulnerability enabling remote code execution through crafted serialized data.

Deserialization Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-52564 MEDIUM PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. [CVSS 6.1 MEDIUM]

PHP Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-52563 MEDIUM This Month

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the session/add_users_to_session.php endpoint. [CVSS 6.1 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-52476 MEDIUM PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. [CVSS 6.1 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-52475 MEDIUM PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. [CVSS 6.1 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-52470 MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. [CVSS 4.8 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-52469 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint. [CVSS 7.1 HIGH]

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-52468 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. [CVSS 8.8 HIGH]

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-50199 CRITICAL POC Act Now

Chamilo LMS prior to 1.11.30 has a blind SSRF vulnerability enabling internal network reconnaissance from the learning platform.

PHP SSRF Chamilo Lms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-50198 MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. [CVSS 4.9 MEDIUM]

PHP Deserialization Chamilo Lms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-50197 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-50196 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-50195 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-50194 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-50193 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-52482 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. [CVSS 8.3 HIGH]

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-50192 CRITICAL POC PATCH Act Now

Chamilo LMS prior to 1.11.30 has a time-based SQL injection in a different endpoint, providing an additional database extraction vector.

PHP SQLi Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-50191 HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. [CVSS 7.2 HIGH]

PHP SQLi Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-50190 CRITICAL POC PATCH Act Now

Chamilo LMS prior to 1.11.30 has an error-based SQL injection enabling database extraction.

PHP SQLi Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-50189 HIGH POC PATCH This Week

Chamilo is a learning management system. [CVSS 8.8 HIGH]

PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-50188 HIGH POC PATCH This Week

Chamilo is a learning management system. [CVSS 7.2 HIGH]

PHP Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-50187 CRITICAL POC Act Now

Chamilo LMS prior to 1.11.28 has a code injection through SOAP request parameters enabling remote code execution.

RCE Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-50186 MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. [CVSS 4.8 MEDIUM]

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2024-50337 MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. [CVSS 5.3 MEDIUM]

SSRF Chamilo Lms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-47886 HIGH POC This Week

Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. [CVSS 7.2 HIGH]

RCE Deserialization Chamilo Lms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2025-69581 MEDIUM POC This Month

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. [CVSS 5.5 MEDIUM]

Information Disclosure Chamilo Lms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-51142 MEDIUM POC This Month

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Chamilo Lms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-30619 HIGH PATCH This Week

Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Chamilo Lms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-30618 MEDIUM POC PATCH This Month

A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-30617 MEDIUM POC PATCH This Month

A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP CSRF Chamilo Lms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-30616 HIGH POC PATCH This Week

Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-27525 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2024-27524 HIGH POC PATCH This Week

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2023-4226 HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-4225 HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4224 HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4223 HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4222 HIGH POC PATCH This Week

Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2023-4221 HIGH POC PATCH This Week

Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2023-4220 MEDIUM POC PATCH THREAT This Month

Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload PHP XSS Chamilo Lms
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
76.1%
CVE-2023-39582 MEDIUM PATCH This Month

SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

SQLi Chamilo Lms
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-34944 CRITICAL PATCH Act Now

An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-34962 HIGH PATCH This Week

Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Chamilo Lms
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-34961 MEDIUM PATCH This Month

Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34959 MEDIUM PATCH This Month

An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Chamilo Lms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-34958 MEDIUM PATCH This Month

Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-31807 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31806 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31805 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-31804 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31803 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-31802 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31801 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31800 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31799 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-27426 HIGH PATCH This Week

A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SSRF Chamilo Lms
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-27423 CRITICAL PATCH Act Now

Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Chamilo Lms
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-27422 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Chamilo Lms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-27421 HIGH PATCH This Week

Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Chamilo Lms
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-35415 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

{id} endpoint to assign themselves ROLE_ADMIN privileges, bypassing intended access controls. The vulnerability stems from inadequate authorization checks that verify only record ownership without restricting modification of security-critical fields. With CVSS 8.8 (High) and low attack complexity requiring only basic authentication, this represents a critical access control failure in educational platforms. No public exploit code or active exploitation (CISA KEV) identified at time of analysis, though the straightforward attack vector makes exploitation trivial for malicious insiders.

Privilege Escalation Chamilo Lms
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Insecure Direct Object Reference in Chamilo LMS /api/course_rel_users endpoint allows authenticated attackers to enroll arbitrary users into any course without authorization (CVSS 7.1, High Integrity impact). Affects all versions prior to 2.0.0-RC.3. The vulnerability enables authenticated users to manipulate user-course relationships by modifying the user parameter in API requests, bypassing enrollment controls entirely. No public exploit code identified at time of analysis, though the attack v

Authentication Bypass Chamilo Lms
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Chamilo LMS versions prior to 2.0.0-RC.3 allow authenticated students to read private course notes of any other user via an Insecure Direct Object Reference (IDOR) vulnerability in the notebook module's editnote action. An attacker can manipulate the notebook_id parameter to bypass ownership checks in the read path (get_note_information()), exposing note titles and HTML body content despite write-path protections existing in updateNote() and delete_note(). The vulnerability requires valid student credentials but impacts confidentiality of sensitive educational materials across the platform.

Authentication Bypass Chamilo Lms
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Chamilo LMS versions prior to 2.0.0-RC.3 allows authenticated users to upload malicious HTML files containing JavaScript via the social post attachment API endpoint. The uploaded files are served without sanitization, content-type restrictions, or proper content-disposition headers, causing embedded JavaScript to execute in the browser within the application's trusted origin. This enables session hijacking, account takeover, and privilege escalation attacks, particularly when an administrator views a malicious link. The vulnerability is confirmed fixed in version 2.0.0-RC.3.

Privilege Escalation XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 allow authenticated attackers to read arbitrary server files through XML External Entity (XXE) injection via improper use of simplexml_load_string() with the LIBXML_NOENT flag enabled across multiple application files. The vulnerability requires low-privilege authentication and medium attack complexity but grants high confidentiality impact with no integrity or availability impact; no public exploit code or active exploitation has been identified at the time of analysis.

XXE Chamilo Lms
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Chamilo LMS versions prior to 2.0.0-RC.3 allow authenticated students and lower-privileged users to enumerate all platform users and extract sensitive personal information (email addresses, phone numbers, role assignments) through an unauthenticated API endpoint (GET /api/users), enabling reconnaissance of administrator accounts and organizational structure. The vulnerability affects any installation with user accounts below administrative level and is fixed in version 2.0.0-RC.3.

Authentication Bypass Chamilo Lms
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Predictable API key generation in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 allows unauthenticated remote attackers to brute-force valid REST API keys. The md5-based generation algorithm uses a flawed random seed (rand(10000,10000) always returns 10000), reducing the keyspace to md5(timestamp + user_id*5 - 10000). Attackers with knowledge of target usernames and approximate key creation timestamps can enumerate valid API keys through offline computation, enabling unauthorized access to REST API endpoints and confidential data exposure. No public exploit identified at time of analysis.

Information Disclosure Chamilo Lms
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Chamilo LMS REST API endpoint get_user_info_from_username fails to authorize requests, exposing personal information (email, names, user ID, active status) to any authenticated user regardless of role prior to version 1.11.38. An attacker with valid login credentials, including a student account, can enumerate and retrieve sensitive user data for any account in the system.

Authentication Bypass Chamilo Lms
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Unauthenticated password reset takeover in Chamilo LMS 1.11.x (prior to 1.11.38) and 2.0.0-RC versions (prior to RC.3) allows remote attackers to hijack arbitrary user accounts by computing deterministic reset tokens. The vulnerability stems from insecure token generation using sha1($email) without randomization, expiration, or rate limiting. Attackers knowing a target's email address can directly calculate valid password reset tokens and change account credentials without prior authentication, enabling full account takeover with high confidentiality and integrity impact. No public exploit identified at time of analysis.

Information Disclosure Chamilo Lms
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Privilege escalation in Chamilo LMS versions prior to 1.11.38 allows any authenticated user with a REST API key to elevate their account status from student (status=5) to teacher/course manager (status=1) by manipulating the status field through the update_user_from_username REST API endpoint. This enables unauthorized course creation and management capabilities. Authentication is required (PR:L), but once exploited, attackers gain high-integrity administrative functions within the learning management system. No public exploit identified at time of analysis.

Privilege Escalation Chamilo Lms
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Chamilo LMS versions prior to 1.11.38 expose Twig template files (.tpl) in the /main/template/default/ directory to unauthenticated HTTP GET requests, allowing remote attackers to disclose internal application logic, variable names, AJAX endpoint URLs, and admin panel structure without authentication. This information disclosure vulnerability has a CVSS score of 5.3 with confirmed patch availability in version 1.11.38.

Information Disclosure Chamilo Lms
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

{userId} endpoint. Attack requires only low-privilege authentication (PR:L) and no user interaction, enabling mass disclosure of credentials and sensitive information across the entire platform. Affects all Chamilo LMS versions prior to 2.0.0-RC.3. No public exploit identified at time of analysis.

Authentication Bypass Chamilo Lms
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Insecure Direct Object Reference in Chamilo LMS REST API stats endpoint allows authenticated low-privilege users to read unauthorized access to any user's learning progress, certificates, and gradebook scores across all courses prior to version 2.0.0-RC.3. The vulnerability requires only valid user credentials (accessible to students with ROLE_USER) and network access, enabling horizontal privilege escalation without administrative intervention or system compromise. No public exploit code or active exploitation has been identified at time of analysis.

Authentication Bypass Chamilo Lms
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Authenticated teachers in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 can access and modify gradebook evaluation settings across unauthorized courses through Insecure Direct Object Reference in the editeval parameter. Attackers with low-privilege teacher accounts can alter evaluation names, maximum scores, and weights for assessments in courses they do not own, enabling unauthorized data disclosure and integrity compromise. No public exploit identified at time of analysis.

Authentication Bypass Chamilo Lms
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Authenticated teachers in Chamilo LMS can delete arbitrary student grades platform-wide through Insecure Direct Object Reference in gradebook result views. By manipulating delete_mark or resultdelete GET parameters, attackers bypass course-scope and ownership controls, enabling unauthorized grade deletion across all courses. Versions prior to 1.11.38 and 2.0.0-RC.3 lack server-side validation. No public exploit identified at time of analysis. CVSS 7.1 (High) reflects authenticated access requirement with high integrity impact and low availability impact.

Denial Of Service Null Pointer Dereference Chamilo Lms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Reflected XSS in Chamilo LMS exercise admin panel allows authenticated teachers to be tricked into executing arbitrary JavaScript via malicious paginated URLs, affecting versions prior to 2.0.0-RC.3. An attacker can craft a weaponized link containing unencoded query parameters that bypass the pagination mechanism's improper output encoding, potentially leading to session hijacking, credential theft, or unauthorized administrative actions within the learning management system. No public exploit code or active exploitation has been identified at time of analysis.

XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Server-Side Request Forgery in Chamilo LMS Social Wall feature enables authenticated attackers to force the server to make arbitrary HTTP requests to internal resources. The read_url_with_open_graph endpoint accepts user-controlled URLs via social_wall_new_msg_main POST parameter without validating internal versus external targets, allowing internal port scanning, access to cloud instance metadata (AWS/GCP/Azure), and reconnaissance of private network services. Affects Chamilo LMS versions before 1.11.38 and 2.0.0-RC.3. Attack requires low-privilege authenticated access; no public exploit identified at time of analysis.

SSRF Chamilo Lms
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Chamilo LMS versions 1.11.34 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability in the session category listing page where the keyword parameter is echoed directly into an HTML href attribute without encoding or sanitization. An attacker can inject arbitrary JavaScript by breaking out of the attribute context using a ">" payload, enabling session hijacking, credential theft, or malware distribution to any user who clicks a malicious link. The vulnerability is triggered when pagination controls render for datasets exceeding 20 items, and a patch is available in version 1.11.36.

XSS Chamilo Lms
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authenticated attackers can exploit SQL injection in Chamilo LMS 1.11.34 and earlier through the statistics AJAX endpoint, where insufficient input sanitization allows bypassing of database escaping mechanisms via the date_start and date_end parameters. This vulnerability enables blind time-based SQL injection attacks to extract or manipulate sensitive data from the underlying database. Version 1.11.36 contains the patch; versions 1.11.35 and earlier remain vulnerable.

SQLi Chamilo Lms
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A security vulnerability in Chamilo LMS (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Chamilo Lms
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An arbitrary file upload vulnerability in Chamilo LMS allows authenticated users with Teacher role to achieve Remote Code Execution by uploading malicious H5P packages. The flaw affects versions prior to 1.11.36 and stems from inadequate validation of H5P package contents, which only checks for h5p.json existence but fails to block .htaccess or PHP files with alternative extensions. With a CVSS score of 8.8 and high exploitation potential, attackers can upload webshells disguised as text files along with .htaccess configurations to bypass security controls.

PHP RCE File Upload +2
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated SQL injection in Chamilo LMS versions prior to 1.11.34 enables remote attackers to execute arbitrary database queries through the custom_dates parameter and escalate to full administrative account takeover by exploiting a predictable password reset mechanism. This critical vulnerability exposes the entire database including personally identifiable information and system configurations without requiring any credentials or user interaction. No patch is currently available for affected installations.

SQLi Chamilo Lms
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated arbitrary code execution in Chamilo LMS versions prior to 1.11.34 allows low-privileged users to bypass file upload restrictions through MIME-type spoofing and execute malicious commands on the server. The vulnerability stems from insufficient validation of file extensions and improper storage restrictions, enabling attackers to upload and execute arbitrary files. No patch is currently available for affected deployments.

RCE Chamilo Lms
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which allows users to update the category of any user by replacing the "category_id" parameter. [CVSS 4.3 MEDIUM]

Authentication Bypass Chamilo Lms
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL Act Now

Second stored XSS in Chamilo LMS before 1.11.34.

XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL Act Now

Stored XSS in Chamilo LMS before 1.11.34.

XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent. [CVSS 8.1 HIGH]

CSRF Chamilo Lms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of higher-privileged admin users. [CVSS 5.4 MEDIUM]

XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored XSS vulnerability in Chamilo LMS (Verison 1.11.32) allows an attacker to inject arbitrary JavaScript into the platform’s social network and internal messaging features. [CVSS 8.8 HIGH]

XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL Act Now

Stored XSS in Chamilo LMS before 1.11.34 via file uploads in Social Networks. Leads to account takeover.

XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Chamilo LMS prior to 1.11.30 has an insecure deserialization vulnerability enabling remote code execution through crafted serialized data.

Deserialization Chamilo Lms
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. [CVSS 6.1 MEDIUM]

PHP Chamilo Lms
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the session/add_users_to_session.php endpoint. [CVSS 6.1 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. [CVSS 6.1 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. [CVSS 6.1 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. [CVSS 4.8 MEDIUM]

PHP XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint. [CVSS 7.1 HIGH]

Authentication Bypass Chamilo Lms
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. [CVSS 8.8 HIGH]

XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

Chamilo LMS prior to 1.11.30 has a blind SSRF vulnerability enabling internal network reconnaissance from the learning platform.

PHP SSRF Chamilo Lms
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. [CVSS 4.9 MEDIUM]

PHP Deserialization Chamilo Lms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. [CVSS 7.2 HIGH]

PHP Command Injection Chamilo Lms
NVD GitHub
EPSS 0% CVSS 8.3
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. [CVSS 8.3 HIGH]

XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Chamilo LMS prior to 1.11.30 has a time-based SQL injection in a different endpoint, providing an additional database extraction vector.

PHP SQLi Chamilo Lms
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. [CVSS 7.2 HIGH]

PHP SQLi Chamilo Lms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Chamilo LMS prior to 1.11.30 has an error-based SQL injection enabling database extraction.

PHP SQLi Chamilo Lms
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Chamilo is a learning management system. [CVSS 8.8 HIGH]

PHP Chamilo Lms
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

Chamilo is a learning management system. [CVSS 7.2 HIGH]

PHP Chamilo Lms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Chamilo LMS prior to 1.11.28 has a code injection through SOAP request parameters enabling remote code execution.

RCE Chamilo Lms
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. [CVSS 4.8 MEDIUM]

XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. [CVSS 5.3 MEDIUM]

SSRF Chamilo Lms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. [CVSS 7.2 HIGH]

RCE Deserialization Chamilo Lms
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. [CVSS 5.5 MEDIUM]

Information Disclosure Chamilo Lms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Chamilo Lms
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Chamilo Lms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP CSRF Chamilo Lms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Chamilo Lms
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Chamilo Lms
NVD GitHub
EPSS 1% CVSS 7.1
HIGH POC PATCH This Week

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Chamilo Lms
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP +1
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC PATCH This Week

Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Command Injection +1
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC PATCH This Week

Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Command Injection +1
NVD GitHub
EPSS 76% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload PHP +2
NVD GitHub Exploit-DB
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

SQLi Chamilo Lms
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP +1
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Chamilo Lms
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Chamilo Lms
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Chamilo Lms
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Chamilo Lms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SSRF Chamilo Lms
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Chamilo Lms
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Chamilo Lms
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Chamilo Lms
NVD
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Chamilo Lms
NVD GitHub
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy