VYPR

Chamilo Lms

by Chamilo

Source repositories

CVEs (145)

  • CVE-2019-1000017Feb 4, 2019
    risk 0.00cvss epss 0.01

    Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable…

  • CVE-2018-20328Dec 21, 2018
    risk 0.00cvss epss 0.01

    Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature…

  • CVE-2018-20329Dec 21, 2018
    risk 0.00cvss epss 0.01

    Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.

  • CVE-2018-20327Dec 21, 2018
    risk 0.00cvss epss 0.01

    Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due…

  • CVE-2018-1999019CriJul 23, 2018
    risk 0.00cvss 9.8epss 0.03

    Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the…

Page 8 of 8