VYPR

Lms

by Chamilo

Source repositories

CVEs (151)

  • CVE-2026-33714HigApr 14, 2026
    risk 0.47cvss 7.2epss 0.00

    Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::remove_XSS() to the…

  • CVE-2026-31939HigApr 10, 2026
    risk 0.47cvss 8.3epss 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file feletion. User input from $_REQUEST['test'] is concatenated directly into filesystem path without canonicalization or traversal…

  • CVE-2022-27421HigApr 15, 2022
    risk 0.47cvss 7.2epss 0.01

    Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.

  • CVE-2021-38745MedMar 21, 2022
    risk 0.44cvss 6.8epss 0.01

    Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.

  • CVE-2026-31941HigApr 10, 2026
    risk 0.43cvss 7.7epss 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via the social_wall_new_msg_main…

  • CVE-2026-33710HigApr 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + (user_id * 5) - rand(10000, 10000)). The rand(10000, 10000) call always returns exactly 10000 (min == max), making the formula effectively md5(timestamp +…

  • CVE-2026-32931HigApr 10, 2026
    risk 0.42cvss 7.5epss 0.01

    Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type header to audio/mpeg. The uploaded…

  • CVE-2026-31940HigApr 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.php, user-controlled request parameters are directly used to set the PHP session ID before loading global bootstrap. This leads to session fixation. This vulnerability is fixed in…

  • CVE-2023-31801MedMay 9, 2023
    risk 0.40cvss 6.1epss 0.00

    Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.

  • CVE-2022-27425MedApr 15, 2022
    risk 0.40cvss 6.1epss 0.01

    Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php.

  • CVE-2022-27422MedApr 15, 2022
    risk 0.40cvss 6.1epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL.

  • CVE-2021-43687MedDec 1, 2021
    risk 0.40cvss 6.1epss 0.01

    chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.

  • CVE-2020-23126MedNov 3, 2021
    risk 0.40cvss 6.1epss 0.01

    Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends.

  • CVE-2012-4029MedFeb 8, 2020
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action.

  • CVE-2013-0739MedJan 30, 2020
    risk 0.40cvss 6.1epss 0.01

    Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script.

  • CVE-2013-0738MedJan 30, 2020
    risk 0.40cvss 6.1epss 0.01

    Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php.

  • CVE-2015-9540MedJan 4, 2020
    risk 0.40cvss 6.1epss 0.01

    Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.

  • CVE-2026-34602HigApr 14, 2026
    risk 0.39cvss 7.1epss 0.00

    Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course_rel_users endpoint is vulnerable to Insecure Direct Object Reference (IDOR), allowing an authenticated attacker to modify the user parameter in the request body to enroll…

  • CVE-2026-33706HigApr 10, 2026
    risk 0.39cvss 7.1epss 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update_user_from_username endpoint. A student (status=5) can change their status to Teacher/CourseManager (status=1), gaining…

  • CVE-2026-33704HigApr 10, 2026
    risk 0.39cvss 7.1epss 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While…

Page 2 of 8