📦 Chamilo

This vulnerability allows unauthenticated attackers to bypass file upload security in Chamilo LMS on Windows/Apache systems by uploading a malicious .htaccess file. Attackers can achieve remote code e...

CVE-2023-3368 is an unauthenticated command injection vulnerability in Chamilo LMS that allows remote attackers to execute arbitrary commands on affected systems. This vulnerability affects Chamilo LM...

A critical command injection vulnerability in Chamilo's wsConvertPpt component allows remote attackers to execute arbitrary commands on the server via crafted PowerPoint filenames in SOAP API calls. T...

This SQL injection vulnerability in Chamilo LMS allows attackers to execute arbitrary SQL commands via the searchField, filters, or filters2 parameters in the model.ajax.php endpoint. It affects all C...

This CSRF vulnerability in Chamilo LMS allows attackers to trick authenticated users into executing arbitrary commands on the server by clicking a malicious link. It affects Chamilo LMS administrators...

This vulnerability allows remote authenticated administrators in Chamilo LMS to upload malicious PHP files through directory traversal, leading to remote code execution. Attackers can execute arbitrar...