Chamilo Lms
Monthly
Chamilo LMS versions 1.11.34 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability in the session category listing page where the keyword parameter is echoed directly into an HTML href attribute without encoding or sanitization. An attacker can inject arbitrary JavaScript by breaking out of the attribute context using a ">" payload, enabling session hijacking, credential theft, or malware distribution to any user who clicks a malicious link. The vulnerability is triggered when pagination controls render for datasets exceeding 20 items, and a patch is available in version 1.11.36.
Authenticated attackers can exploit SQL injection in Chamilo LMS 1.11.34 and earlier through the statistics AJAX endpoint, where insufficient input sanitization allows bypassing of database escaping mechanisms via the date_start and date_end parameters. This vulnerability enables blind time-based SQL injection attacks to extract or manipulate sensitive data from the underlying database. Version 1.11.36 contains the patch; versions 1.11.35 and earlier remain vulnerable.
A security vulnerability in Chamilo LMS (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
An arbitrary file upload vulnerability in Chamilo LMS allows authenticated users with Teacher role to achieve Remote Code Execution by uploading malicious H5P packages. The flaw affects versions prior to 1.11.36 and stems from inadequate validation of H5P package contents, which only checks for h5p.json existence but fails to block .htaccess or PHP files with alternative extensions. With a CVSS score of 8.8 and high exploitation potential, attackers can upload webshells disguised as text files along with .htaccess configurations to bypass security controls.
Unauthenticated SQL injection in Chamilo LMS versions prior to 1.11.34 enables remote attackers to execute arbitrary database queries through the custom_dates parameter and escalate to full administrative account takeover by exploiting a predictable password reset mechanism. This critical vulnerability exposes the entire database including personally identifiable information and system configurations without requiring any credentials or user interaction. No patch is currently available for affected installations.
Authenticated arbitrary code execution in Chamilo LMS versions prior to 1.11.34 allows low-privileged users to bypass file upload restrictions through MIME-type spoofing and execute malicious commands on the server. The vulnerability stems from insufficient validation of file extensions and improper storage restrictions, enabling attackers to upload and execute arbitrary files. No patch is currently available for affected deployments.
Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which allows users to update the category of any user by replacing the "category_id" parameter. [CVSS 4.3 MEDIUM]
Second stored XSS in Chamilo LMS before 1.11.34.
Stored XSS in Chamilo LMS before 1.11.34.
Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent. [CVSS 8.1 HIGH]
Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of higher-privileged admin users. [CVSS 5.4 MEDIUM]
Chamilo is a learning management system. Prior to version 1.11.34, there is a stored XSS vulnerability in Chamilo LMS (Verison 1.11.32) allows an attacker to inject arbitrary JavaScript into the platform’s social network and internal messaging features. [CVSS 8.8 HIGH]
Stored XSS in Chamilo LMS before 1.11.34 via file uploads in Social Networks. Leads to account takeover.
Chamilo LMS prior to 1.11.30 has an insecure deserialization vulnerability enabling remote code execution through crafted serialized data.
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. [CVSS 6.1 MEDIUM]
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the session/add_users_to_session.php endpoint. [CVSS 6.1 MEDIUM]
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. [CVSS 6.1 MEDIUM]
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. [CVSS 6.1 MEDIUM]
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. [CVSS 4.8 MEDIUM]
Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint. [CVSS 7.1 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. [CVSS 8.8 HIGH]
Chamilo LMS prior to 1.11.30 has a blind SSRF vulnerability enabling internal network reconnaissance from the learning platform.
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. [CVSS 4.9 MEDIUM]
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. [CVSS 7.2 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. [CVSS 7.2 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. [CVSS 7.2 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. [CVSS 7.2 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. [CVSS 7.2 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. [CVSS 8.3 HIGH]
Chamilo LMS prior to 1.11.30 has a time-based SQL injection in a different endpoint, providing an additional database extraction vector.
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. [CVSS 7.2 HIGH]
Chamilo LMS prior to 1.11.30 has an error-based SQL injection enabling database extraction.
Chamilo is a learning management system. [CVSS 8.8 HIGH]
Chamilo is a learning management system. [CVSS 7.2 HIGH]
Chamilo LMS prior to 1.11.28 has a code injection through SOAP request parameters enabling remote code execution.
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. [CVSS 4.8 MEDIUM]
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. [CVSS 5.3 MEDIUM]
Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. [CVSS 7.2 HIGH]
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. [CVSS 5.5 MEDIUM]
Chamilo LMS versions 1.11.34 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability in the session category listing page where the keyword parameter is echoed directly into an HTML href attribute without encoding or sanitization. An attacker can inject arbitrary JavaScript by breaking out of the attribute context using a ">" payload, enabling session hijacking, credential theft, or malware distribution to any user who clicks a malicious link. The vulnerability is triggered when pagination controls render for datasets exceeding 20 items, and a patch is available in version 1.11.36.
Authenticated attackers can exploit SQL injection in Chamilo LMS 1.11.34 and earlier through the statistics AJAX endpoint, where insufficient input sanitization allows bypassing of database escaping mechanisms via the date_start and date_end parameters. This vulnerability enables blind time-based SQL injection attacks to extract or manipulate sensitive data from the underlying database. Version 1.11.36 contains the patch; versions 1.11.35 and earlier remain vulnerable.
A security vulnerability in Chamilo LMS (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
An arbitrary file upload vulnerability in Chamilo LMS allows authenticated users with Teacher role to achieve Remote Code Execution by uploading malicious H5P packages. The flaw affects versions prior to 1.11.36 and stems from inadequate validation of H5P package contents, which only checks for h5p.json existence but fails to block .htaccess or PHP files with alternative extensions. With a CVSS score of 8.8 and high exploitation potential, attackers can upload webshells disguised as text files along with .htaccess configurations to bypass security controls.
Unauthenticated SQL injection in Chamilo LMS versions prior to 1.11.34 enables remote attackers to execute arbitrary database queries through the custom_dates parameter and escalate to full administrative account takeover by exploiting a predictable password reset mechanism. This critical vulnerability exposes the entire database including personally identifiable information and system configurations without requiring any credentials or user interaction. No patch is currently available for affected installations.
Authenticated arbitrary code execution in Chamilo LMS versions prior to 1.11.34 allows low-privileged users to bypass file upload restrictions through MIME-type spoofing and execute malicious commands on the server. The vulnerability stems from insufficient validation of file extensions and improper storage restrictions, enabling attackers to upload and execute arbitrary files. No patch is currently available for affected deployments.
Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which allows users to update the category of any user by replacing the "category_id" parameter. [CVSS 4.3 MEDIUM]
Second stored XSS in Chamilo LMS before 1.11.34.
Stored XSS in Chamilo LMS before 1.11.34.
Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent. [CVSS 8.1 HIGH]
Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of higher-privileged admin users. [CVSS 5.4 MEDIUM]
Chamilo is a learning management system. Prior to version 1.11.34, there is a stored XSS vulnerability in Chamilo LMS (Verison 1.11.32) allows an attacker to inject arbitrary JavaScript into the platform’s social network and internal messaging features. [CVSS 8.8 HIGH]
Stored XSS in Chamilo LMS before 1.11.34 via file uploads in Social Networks. Leads to account takeover.
Chamilo LMS prior to 1.11.30 has an insecure deserialization vulnerability enabling remote code execution through crafted serialized data.
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. [CVSS 6.1 MEDIUM]
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the session/add_users_to_session.php endpoint. [CVSS 6.1 MEDIUM]
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. [CVSS 6.1 MEDIUM]
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. [CVSS 6.1 MEDIUM]
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. [CVSS 4.8 MEDIUM]
Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint. [CVSS 7.1 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. [CVSS 8.8 HIGH]
Chamilo LMS prior to 1.11.30 has a blind SSRF vulnerability enabling internal network reconnaissance from the learning platform.
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. [CVSS 4.9 MEDIUM]
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. [CVSS 7.2 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. [CVSS 7.2 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. [CVSS 7.2 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. [CVSS 7.2 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. [CVSS 7.2 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. [CVSS 8.3 HIGH]
Chamilo LMS prior to 1.11.30 has a time-based SQL injection in a different endpoint, providing an additional database extraction vector.
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. [CVSS 7.2 HIGH]
Chamilo LMS prior to 1.11.30 has an error-based SQL injection enabling database extraction.
Chamilo is a learning management system. [CVSS 8.8 HIGH]
Chamilo is a learning management system. [CVSS 7.2 HIGH]
Chamilo LMS prior to 1.11.28 has a code injection through SOAP request parameters enabling remote code execution.
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. [CVSS 4.8 MEDIUM]
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. [CVSS 5.3 MEDIUM]
Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. [CVSS 7.2 HIGH]
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. [CVSS 5.5 MEDIUM]