VYPR

Chamilo Lms

by Chamilo

CVEs (145)

  • CVE-2026-32894 (High), Apr 10, 2026
    risk 0.39, CVSS 7.1, EPSS 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by…

  • CVE-2026-34370 (Medium), Apr 14, 2026
    risk 0.35, CVSS 6.5, EPSS 0.00

    Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated student to read the private course notes of any other user on the…

  • CVE-2026-33736 (Medium), Apr 10, 2026
    risk 0.35, CVSS 6.5, EPSS 0.00

    Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ROLE_STUDENT) can enumerate all platform users and access personal information (email, phone, roles) via GET /api/users, including administrator accounts. This vulnerability is…

  • CVE-2026-33708 (Medium), Apr 10, 2026
    risk 0.35, CVSS 6.5, EPSS 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST API endpoint returns personal information (email, first name, last name, user ID, active status) of any user to any authenticated user, including students. There is no…

  • CVE-2026-33703 (Medium), Apr 10, 2026
    risk 0.35, CVSS 6.5, EPSS 0.00

    Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the /social-network/personal-data/{userId} endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by…

  • CVE-2026-33141 (Medium), Apr 10, 2026
    risk 0.35, CVSS 6.5, EPSS 0.00

    Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the REST API stats endpoint allows any authenticated user (including low-privilege students with ROLE_USER) to read any other user's learning progress,…

  • CVE-2026-1106 (Medium), Jan 18, 2026
    risk 0.35, CVSS 5.4, EPSS 0.00

    A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in…

  • CVE-2025-29529 (Medium), Apr 24, 2025
    risk 0.35, CVSS 6.5, EPSS 0.00

    ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection vulnerability via the component Forgotpassword.aspx.

  • CVE-2026-34161 (Medium), Apr 14, 2026
    risk 0.28, CVSS 5.4, EPSS 0.00

    Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing…

  • CVE-2026-32893 (Medium), Apr 10, 2026
    risk 0.28, CVSS 5.4, EPSS 0.00

    Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting (XSS) vulnerability in the exercise question list admin panel allows an attacker to execute arbitrary JavaScript in an authenticated teacher's browser. The pagination code merges…

  • CVE-2025-26153 (Medium), Apr 16, 2025
    risk 0.28, CVSS 5.4, EPSS 0.00

    A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message.

  • CVE-2026-33737 (Medium), Apr 10, 2026
    risk 0.27, CVSS 5.3, EPSS 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string() without XXE protection. With LIBXML_NOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.

  • CVE-2026-33705 (Medium), Apr 10, 2026
    risk 0.27, CVSS 5.3, EPSS 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs,…

  • CVE-2026-32932 (Medium), Apr 10, 2026
    risk 0.24, CVSS 4.7, EPSS 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The…

  • CVE-2023-34960, Aug 1, 2023
    risk 0.11, CVSS n/a, EPSS 0.99

    A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.

  • CVE-2023-4220, Nov 28, 2023
    risk 0.09, CVSS n/a, EPSS 0.76

    Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web…

  • CVE-2023-3368, Nov 28, 2023
    risk 0.06, CVSS n/a, EPSS 0.69

    Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.

  • CVE-2021-31933, Apr 30, 2021
    risk 0.04, CVSS n/a, EPSS 0.14

    A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to…

  • CVE-2021-37391, Aug 10, 2021
    risk 0.03, CVSS n/a, EPSS 0.02

    A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS…

  • CVE-2013-6787, Dec 5, 2013
    risk 0.03, CVSS n/a, EPSS 0.03

    SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0"…

Page 2 of 8