Chamilo CVEs and Security Vulnerabilities

Filtered by vendor Chamilo Subscriptions

Search

Switch to Advanced Search (Beta)

Total 77 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-4225	1 Chamilo	2 Chamilo, Chamilo Lms	2025-06-05	8.8 High
Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVE-2023-3368	1 Chamilo	1 Chamilo	2025-06-03	9.8 Critical
Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.
CVE-2022-40407	1 Chamilo	1 Chamilo	2025-05-20	8.8 High
A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.
CVE-2022-42029	1 Chamilo	1 Chamilo	2025-05-14	8.8 High
Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.
CVE-2024-30617	1 Chamilo	1 Chamilo Lms	2025-04-18	5.4 Medium
A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge.
CVE-2024-30618	1 Chamilo	1 Chamilo Lms	2025-04-18	6.1 Medium
A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'.
CVE-2024-30619	1 Chamilo	1 Chamilo Lms	2025-04-18	7.5 High
Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via "/main/inc/ajax/message.ajax.php?a=get_count_message" AND "/main/inc/ajax/online.ajax.php?a=get_users_online."
CVE-2024-30616	1 Chamilo	1 Chamilo Lms	2025-04-18	8.8 High
Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profiles information, posing a significant risk to data integrity.
CVE-2024-27525	1 Chamilo	1 Chamilo Lms	2025-04-18	4.6 Medium
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component.
CVE-2024-51142	1 Chamilo	1 Chamilo Lms	2025-04-18	6.1 Medium
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file.
CVE-2024-27524	1 Chamilo	1 Chamilo Lms	2025-04-17	7.1 High
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component.
CVE-2013-6787	1 Chamilo	1 Chamilo Lms	2025-04-11	N/A
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
CVE-2023-31799	1 Chamilo	1 Chamilo Lms	2025-01-29	4.8 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter.
CVE-2023-31803	1 Chamilo	1 Chamilo Lms	2025-01-29	4.8 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters.
CVE-2023-31802	1 Chamilo	1 Chamilo Lms	2025-01-29	5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.
CVE-2023-31801	1 Chamilo	1 Chamilo Lms	2025-01-29	6.1 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.
CVE-2023-31800	1 Chamilo	1 Chamilo Lms	2025-01-29	5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.
CVE-2023-31807	1 Chamilo	1 Chamilo Lms	2025-01-29	5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function.
CVE-2023-31806	1 Chamilo	1 Chamilo Lms	2025-01-29	5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function.
CVE-2023-31805	1 Chamilo	1 Chamilo Lms	2025-01-29	4.8 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function.

Page 1 of 4. next last »