Skip to main content

Chamilo Lms

102 CVEs product

Monthly

CVE-2021-35414 CRITICAL POC PATCH Act Now

Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-35413 HIGH POC PATCH This Week

A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-37391 MEDIUM POC PATCH This Month

A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE XSS Chamilo Lms
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.1%
CVE-2021-37390 MEDIUM POC PATCH This Month

A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-13082 CRITICAL POC Act Now

Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Chamilo Lms
NVD
CVSS 3.0
9.8
EPSS
4.0%
CVE-2019-1000017 MEDIUM PATCH This Month

Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2019-1000015 MEDIUM PATCH This Month

Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Chamilo Lms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-20329 HIGH PATCH This Week

Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Chamilo Lms
NVD GitHub
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-20328 MEDIUM PATCH This Month

Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Chamilo Lms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-20327 MEDIUM PATCH This Month

Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Chamilo Lms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-1999019 CRITICAL PATCH Act Now

Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE PHP Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2013-6787 MEDIUM POC PATCH This Month

SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

PHP SQLi Chamilo Lms
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
0.6%
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Chamilo Lms
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Authentication Bypass +1
NVD GitHub
EPSS 2% CVSS 5.4
MEDIUM POC PATCH This Month

A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE XSS +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Chamilo Lms
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Chamilo Lms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Chamilo Lms
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Chamilo Lms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Chamilo Lms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Chamilo Lms
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE PHP +1
NVD GitHub
EPSS 1% CVSS 6.0
MEDIUM POC PATCH This Month

SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

PHP SQLi Chamilo Lms
NVD Exploit-DB
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy