VYPR

Lms

by Chamilo

Source repositories

CVEs (151)

  • CVE-2023-34960CriAug 1, 2023
    risk 0.75cvss 9.8epss 0.99

    A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.

  • CVE-2023-34944CriJun 13, 2023
    risk 0.64cvss 9.8epss 0.01

    An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.

  • CVE-2022-27423CriApr 15, 2022
    risk 0.64cvss 9.8epss 0.01

    Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.

  • CVE-2019-13082CriJun 30, 2019
    risk 0.64cvss 9.8epss 0.04

    Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php…

  • CVE-2026-33698CriApr 10, 2026
    risk 0.57cvss 9.8epss 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This…

  • CVE-2018-25158HigFeb 20, 2026
    risk 0.57cvss 8.8epss 0.00

    Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions,…

  • CVE-2022-42029HigOct 17, 2022
    risk 0.57cvss 8.8epss 0.01

    Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.

  • CVE-2022-40407HigSep 29, 2022
    risk 0.57cvss 8.8epss 0.01

    A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.

  • CVE-2022-27426HigApr 15, 2022
    risk 0.57cvss 8.8epss 0.01

    A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.

  • CVE-2021-40662HigMar 21, 2022
    risk 0.57cvss 8.8epss 0.01

    A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL.

  • CVE-2020-23127HigMay 6, 2021
    risk 0.57cvss 8.8epss 0.01

    Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.

  • CVE-2026-33707CriApr 10, 2026
    risk 0.54cvss 9.4epss 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token…

  • CVE-2026-32892CriApr 10, 2026
    risk 0.52cvss 9.1epss 0.02

    Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move() function in fileManage.lib.php passes user-controlled path values directly into exec() shell commands…

  • CVE-2026-40291HigApr 14, 2026
    risk 0.50cvss 8.8epss 0.00

    Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an insecure direct object modification vulnerability in the PUT /api/users/{id} endpoint allows any authenticated user with ROLE_STUDENT to escalate their privileges to ROLE_ADMIN by…

  • CVE-2026-35196HigApr 14, 2026
    risk 0.50cvss 8.8epss 0.02

    Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the export_all_certificates action, where the course code retrieved from the session…

  • CVE-2026-33618HigApr 10, 2026
    risk 0.50cvss 8.8epss 0.00

    Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method uses PHP's eval() to parse platform settings from the database. An attacker with admin access (obtainable via Advisory 1) can inject arbitrary PHP…

  • CVE-2024-30616HigNov 4, 2024
    risk 0.50cvss 8.8epss 0.01

    Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profiles information, posing a significant risk to data integrity.

  • CVE-2026-34160HigApr 14, 2026
    risk 0.49cvss 8.6epss 0.00

    Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter…

  • CVE-2012-4030HigJan 10, 2020
    risk 0.49cvss 7.5epss 0.01

    Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files.

  • CVE-2026-33715HigApr 14, 2026
    risk 0.47cvss 7.2epss 0.00

    Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that…

Page 1 of 8