Chamilo CVEs and Security Vulnerabilities

Filtered by vendor Chamilo Subscriptions

Search

Switch to Advanced Search (Beta)

Total 76 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-31799	1 Chamilo	1 Chamilo Lms	2025-01-29	4.8 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter.
CVE-2023-31803	1 Chamilo	1 Chamilo Lms	2025-01-29	4.8 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters.
CVE-2023-31802	1 Chamilo	1 Chamilo Lms	2025-01-29	5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.
CVE-2023-31801	1 Chamilo	1 Chamilo Lms	2025-01-29	6.1 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.
CVE-2023-31800	1 Chamilo	1 Chamilo Lms	2025-01-29	5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.
CVE-2023-31807	1 Chamilo	1 Chamilo Lms	2025-01-29	5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function.
CVE-2023-31806	1 Chamilo	1 Chamilo Lms	2025-01-29	5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function.
CVE-2023-31805	1 Chamilo	1 Chamilo Lms	2025-01-29	4.8 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function.
CVE-2023-31804	1 Chamilo	1 Chamilo Lms	2025-01-28	5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters.
CVE-2023-34961	1 Chamilo	1 Chamilo Lms	2025-01-06	6.1 Medium
Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.
CVE-2023-34959	1 Chamilo	1 Chamilo Lms	2025-01-06	5.3 Medium
An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
CVE-2023-34958	1 Chamilo	1 Chamilo Lms	2025-01-06	4.3 Medium
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.
CVE-2023-34962	1 Chamilo	1 Chamilo Lms	2025-01-06	8.1 High
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes.
CVE-2023-34944	1 Chamilo	1 Chamilo Lms	2025-01-03	9.8 Critical
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVE-2023-4223	1 Chamilo	1 Chamilo Lms	2024-12-02	8.8 High
Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVE-2023-4226	1 Chamilo	1 Chamilo Lms	2024-11-21	8.8 High
Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVE-2023-4225	1 Chamilo	1 Chamilo Lms	2024-11-21	8.8 High
Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVE-2023-4224	1 Chamilo	1 Chamilo Lms	2024-11-21	8.8 High
Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVE-2023-4222	1 Chamilo	1 Chamilo Lms	2024-11-21	7.2 High
Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
CVE-2023-4221	1 Chamilo	1 Chamilo Lms	2024-11-21	7.2 High
Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.

Page 1 of 4. next last »