Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Chamilo Subscribe
Total 70 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27422 1 Chamilo 1 Chamilo Lms 2022-04-25 4.3 MEDIUM 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL.
CVE-2022-27425 1 Chamilo 1 Chamilo 2022-04-25 4.3 MEDIUM 6.1 MEDIUM
Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php.
CVE-2022-27423 1 Chamilo 1 Chamilo Lms 2022-04-25 7.5 HIGH 9.8 CRITICAL
Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.
CVE-2022-27426 1 Chamilo 1 Chamilo Lms 2022-04-25 6.5 MEDIUM 8.8 HIGH
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.
CVE-2021-40662 1 Chamilo 1 Chamilo 2022-03-29 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL.
CVE-2021-38745 1 Chamilo 1 Chamilo 2022-03-29 4.6 MEDIUM 6.8 MEDIUM
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.
CVE-2021-43687 1 Chamilo 1 Chamilo 2021-12-15 4.3 MEDIUM 6.1 MEDIUM
chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.
CVE-2021-35414 1 Chamilo 1 Chamilo Lms 2021-12-06 7.5 HIGH 9.8 CRITICAL
Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.
CVE-2021-35415 1 Chamilo 1 Chamilo Lms 2021-12-06 3.5 LOW 4.8 MEDIUM
A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields.
CVE-2020-23126 1 Chamilo 1 Chamilo Lms 2021-11-04 4.3 MEDIUM 6.1 MEDIUM
Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends.
CVE-2021-37391 1 Chamilo 1 Chamilo Lms 2021-08-19 3.5 LOW 5.4 MEDIUM
A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social network the send invitation feature.
CVE-2021-37390 1 Chamilo 1 Chamilo Lms 2021-08-17 4.3 MEDIUM 6.1 MEDIUM
A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).
CVE-2021-37389 1 Chamilo 1 Chamilo 2021-08-17 4.3 MEDIUM 6.1 MEDIUM
Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.
CVE-2021-34187 1 Chamilo 1 Chamilo 2021-07-01 7.5 HIGH 9.8 CRITICAL
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.
CVE-2020-23128 1 Chamilo 1 Chamilo Lms 2021-05-11 4.0 MEDIUM 4.9 MEDIUM
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege.
CVE-2020-23127 1 Chamilo 1 Chamilo Lms 2021-05-07 6.8 MEDIUM 8.8 HIGH
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
CVE-2021-26746 1 Chamilo 1 Chamilo 2021-02-25 4.3 MEDIUM 6.1 MEDIUM
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.
CVE-2019-1000017 1 Chamilo 1 Chamilo Lms 2020-08-24 4.0 MEDIUM 6.5 MEDIUM
Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=[ticket number]. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03.
CVE-2012-4029 1 Chamilo 1 Chamilo 2020-02-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action.
CVE-2013-0738 1 Chamilo 1 Chamilo 2020-01-31 4.3 MEDIUM 6.1 MEDIUM
Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php.