📦 Chamilo LMS
by Chamilo
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability allows remote code execution in Chamilo LMS by exploiting unfiltered parameter evaluation in SOAP requests. Attackers can execute arbitrary code on affected systems, potentially com...
This vulnerability allows attackers to upload malicious SVG files to Chamilo LMS, which can lead to remote code execution. It affects Chamilo 1.11.* versions up to v1.11.18. Attackers can exploit this...
This SQL injection vulnerability in Chamilo LMS allows attackers to execute arbitrary SQL commands via the blog_id parameter. Attackers can potentially access, modify, or delete database content. All ...
CVE-2021-35414 is an unauthenticated SQL injection vulnerability in Chamilo LMS v1.11.x that allows attackers to execute arbitrary SQL commands via the 'doc' parameter in the Compilatio plagiarism mod...
This vulnerability allows attackers to inject malicious scripts into Chamilo LMS user profiles via CSV import. When other users view these profiles, the scripts execute in their browser context, poten...
A stored cross-site scripting (XSS) vulnerability in Chamilo LMS allows teachers to inject malicious JavaScript into the glossary function, which executes when administrators view the content. This en...
Chamilo LMS 1.11.26 has an incorrect access control vulnerability in the profile management component that allows non-admin users to manipulate sensitive profile information. This affects all Chamilo ...
Chamilo LMS 1.11.26 has an incorrect access control vulnerability where unauthenticated attackers can access sensitive information via specific API endpoints. This allows enumeration of message counts...
This is a Cross-Site Scripting (XSS) vulnerability in Chamilo LMS v1.11.26 that allows remote attackers to inject malicious scripts via the filename parameter in new_ticket.php. Successful exploitatio...
This vulnerability allows authenticated users with learner roles in Chamilo LMS to upload arbitrary PHP files through the exercise.ajax.php endpoint, leading to remote code execution. Attackers can ex...
This vulnerability allows authenticated users with learner roles in Chamilo LMS to upload arbitrary PHP files through the document upload functionality. Successful exploitation leads to remote code ex...
This vulnerability allows authenticated users with Learning Path upload permissions to execute arbitrary commands on the server through command injection in the OpenOffice presentation processing comp...
This vulnerability in Chamilo LMS allows students to access and modify other students' personal notes due to incorrect access control. It affects Chamilo v1.11.x up to v1.11.18. The flaw enables unaut...
This Server-Side Request Forgery vulnerability in Chamilo LMS allows attackers to make the server send requests to internal network resources and execute arbitrary system commands via malicious Phar f...
This vulnerability allows authenticated attackers to execute arbitrary code on Chamilo LMS servers by uploading a malicious .htaccess file through the course_intro_pdf_import.php script. It affects Ch...
A stored cross-site scripting (XSS) vulnerability in Chamilo LMS allows privileged users to inject malicious JavaScript into the Category Name field. This script executes when accessing add_many_sessi...
Chamilo LMS versions before 1.11.28 contain an unauthenticated blind Server-Side Request Forgery (SSRF) vulnerability in the OpenId function. This allows attackers to make arbitrary HTTP requests from...
This vulnerability in Chamilo LMS allows attackers to manipulate the userId parameter in the deleteLegal function, leading to improper authorization. Attackers can exploit this remotely to delete lega...
Chamilo LMS 1.11.2 fails to properly clear cached sensitive user data from the Social Network/personal_data endpoint after logout. This allows subsequent users of the same device to access previous us...
A stored cross-site scripting vulnerability in Chamilo LMS allows attackers to inject malicious JavaScript into group discussion topics. When users view these topics, the script executes in their brow...