VYPR

Lms

by Chamilo

Source repositories

CVEs (151)

  • CVE-2021-35413HigDec 3, 2021
    risk 0.00cvss 8.8epss 0.03

    A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.

  • CVE-2021-37390MedAug 10, 2021
    risk 0.00cvss 6.1epss 0.01

    A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).

  • CVE-2021-37389MedAug 10, 2021
    risk 0.00cvss 6.1epss 0.01

    Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.

  • CVE-2021-32925MedMay 13, 2021
    risk 0.00cvss 6.5epss 0.02

    admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.

  • CVE-2021-26746MedFeb 19, 2021
    risk 0.00cvss 6.1epss 0.01

    Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.

  • CVE-2019-1000017MedFeb 4, 2019
    risk 0.00cvss 6.5epss 0.01

    Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable…

  • CVE-2019-1000015MedFeb 4, 2019
    risk 0.00cvss 6.1epss 0.01

    Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the…

  • CVE-2018-20329HigDec 21, 2018
    risk 0.00cvss 8.1epss 0.01

    Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.

  • CVE-2018-20328MedDec 21, 2018
    risk 0.00cvss 5.4epss 0.01

    Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature…

  • CVE-2018-20327MedDec 21, 2018
    risk 0.00cvss 5.4epss 0.01

    Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due…

  • CVE-2018-1999019CriJul 23, 2018
    risk 0.00cvss 9.8epss 0.03

    Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the…

Page 8 of 8