VYPR

Lms

by Chamilo

Source repositories

CVEs (151)

  • CVE-2023-31799MedMay 9, 2023
    risk 0.31cvss 4.8epss 0.00

    Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter.

  • CVE-2026-34161MedApr 14, 2026
    risk 0.28cvss 5.4epss 0.00

    Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing…

  • CVE-2026-32893MedApr 10, 2026
    risk 0.28cvss 5.4epss 0.00

    Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting (XSS) vulnerability in the exercise question list admin panel allows an attacker to execute arbitrary JavaScript in an authenticated teacher's browser. The pagination code merges…

  • CVE-2025-26153MedApr 16, 2025
    risk 0.28cvss 5.4epss 0.00

    A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message.

  • CVE-2026-33737MedApr 10, 2026
    risk 0.27cvss 5.3epss 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string() without XXE protection. With LIBXML_NOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.

  • CVE-2026-33705MedApr 10, 2026
    risk 0.27cvss 5.3epss 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs,…

  • CVE-2026-32932MedApr 10, 2026
    risk 0.24cvss 4.7epss 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The…

  • CVE-2024-27525MedNov 1, 2024
    risk 0.23cvss 4.6epss 0.00

    Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component.

  • CVE-2023-39061LowAug 21, 2023
    risk 0.23cvss 3.5epss 0.00

    Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.

  • CVE-2023-4220HigNov 28, 2023
    risk 0.09cvss 8.1epss 0.76

    Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web…

  • CVE-2023-3368CriNov 28, 2023
    risk 0.06cvss 9.8epss 0.69

    Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.

  • CVE-2021-31933HigApr 30, 2021
    risk 0.04cvss 7.2epss 0.14

    A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to…

  • CVE-2021-37391MedAug 10, 2021
    risk 0.03cvss 5.4epss 0.02

    A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS…

  • CVE-2013-6787Dec 5, 2013
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0"…

  • CVE-2021-34187CriJun 28, 2021
    risk 0.01cvss 9.8epss 0.16

    main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.

  • CVE-2025-66447NonApr 10, 2026
    risk 0.00cvss 0.0epss 0.00

    Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0-beta.2.

  • CVE-2026-30882Mar 16, 2026
    risk 0.00cvss epss 0.00

    Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting (XSS) vulnerability in the session category listing page. The keyword parameter from $_REQUEST is echoed directly into an HTML href attribute without any…

  • CVE-2026-30881Mar 16, 2026
    risk 0.00cvss epss 0.00

    Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters date_start and date_end from $_REQUEST are embedded directly into a raw SQL string without proper sanitization. Although…

  • CVE-2026-30876Mar 16, 2026
    risk 0.00cvss epss 0.00

    Chamilo LMS is a learning management system. Prior to version 1.11.36, Chamilo is vulnerable to user enumeration with valid/invalid username. This issue has been patched in version 1.11.36.

  • CVE-2026-30875Mar 16, 2026
    risk 0.00cvss epss 0.01

    Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution (RCE). The H5P package validation only checks if h5p.json exists…

Page 4 of 8