Lms
by Chamilo
Source repositories
CVEs (151)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-35413 | Hig | 0.00 | 8.8 | 0.03 | Dec 3, 2021 | A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file. | ||
| CVE-2021-37390 | Med | 0.00 | 6.1 | 0.01 | Aug 10, 2021 | A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature). | ||
| CVE-2021-37389 | Med | 0.00 | 6.1 | 0.01 | Aug 10, 2021 | Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter. | ||
| CVE-2021-32925 | Med | 0.00 | 6.5 | 0.02 | May 13, 2021 | admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities. | ||
| CVE-2021-26746 | Med | 0.00 | 6.1 | 0.01 | Feb 19, 2021 | Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. | ||
| CVE-2019-1000017 | Med | 0.00 | 6.5 | 0.01 | Feb 4, 2019 | Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable… | ||
| CVE-2019-1000015 | Med | 0.00 | 6.1 | 0.01 | Feb 4, 2019 | Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the… | ||
| CVE-2018-20329 | Hig | 0.00 | 8.1 | 0.01 | Dec 21, 2018 | Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information. | ||
| CVE-2018-20328 | Med | 0.00 | 5.4 | 0.01 | Dec 21, 2018 | Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature… | ||
| CVE-2018-20327 | Med | 0.00 | 5.4 | 0.01 | Dec 21, 2018 | Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due… | ||
| CVE-2018-1999019 | Cri | 0.00 | 9.8 | 0.03 | Jul 23, 2018 | Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the… |
- risk 0.00cvss 8.8epss 0.03
A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.
- risk 0.00cvss 6.1epss 0.01
A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).
- risk 0.00cvss 6.1epss 0.01
Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.
- risk 0.00cvss 6.5epss 0.02
admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.
- risk 0.00cvss 6.1epss 0.01
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.
- risk 0.00cvss 6.5epss 0.01
Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable…
- risk 0.00cvss 6.1epss 0.01
Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the…
- risk 0.00cvss 8.1epss 0.01
Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.
- risk 0.00cvss 5.4epss 0.01
Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature…
- risk 0.00cvss 5.4epss 0.01
Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due…
- risk 0.00cvss 9.8epss 0.03
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the…
Page 8 of 8