Chamilo LMS

by Chamilo

CVEs (145)

  • CVE-2022-27423 | Apr 15, 2022
    risk 0.00 | cvss | epss 0.01

    Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.

  • CVE-2022-27422 | Apr 15, 2022
    risk 0.00 | cvss | epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL.

  • CVE-2021-40662 | Mar 21, 2022
    risk 0.00 | cvss | epss 0.01

    A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL.

  • CVE-2021-38745 | Mar 21, 2022
    risk 0.00 | cvss | epss 0.01

    Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.

  • CVE-2021-35414 | Dec 3, 2021
    risk 0.00 | cvss | epss 0.02

    Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.

  • CVE-2021-35413 | Dec 3, 2021
    risk 0.00 | cvss | epss 0.03

    A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.

  • CVE-2021-43687 | Dec 1, 2021
    risk 0.00 | cvss | epss 0.01

    chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.

  • CVE-2020-23126 | Nov 3, 2021
    risk 0.00 | cvss | epss 0.01

    Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends.

  • CVE-2021-37389 | Aug 10, 2021
    risk 0.00 | cvss | epss 0.01

    Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.

  • CVE-2021-37390 | Aug 10, 2021
    risk 0.00 | cvss | epss 0.01

    A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).

  • CVE-2021-32925 | May 13, 2021
    risk 0.00 | cvss | epss 0.02

    admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.

  • CVE-2020-23128 | May 5, 2021
    risk 0.00 | cvss | epss 0.01

    Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege.

  • CVE-2020-23127 | May 5, 2021
    risk 0.00 | cvss | epss 0.01

    Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.

  • CVE-2021-26746 | Feb 19, 2021
    risk 0.00 | cvss | epss 0.01

    Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.

  • CVE-2012-4029 | Feb 8, 2020
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action.

  • CVE-2013-0739 | Jan 30, 2020
    risk 0.00 | cvss | epss 0.01

    Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script.

  • CVE-2013-0738 | Jan 30, 2020
    risk 0.00 | cvss | epss 0.01

    Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php.

  • CVE-2012-4030 | Jan 10, 2020
    risk 0.00 | cvss | epss 0.01

    Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files.

  • CVE-2019-13082 | Jun 30, 2019
    risk 0.00 | cvss | epss 0.04

    Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php…

  • CVE-2019-1000015 | Feb 4, 2019
    risk 0.00 | cvss | epss 0.01

    Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the…
