Chamilo Security Vulnerabilities (CVEs)
Track 26 security vulnerabilities affecting Chamilo products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows attackers to inject malicious scripts into Chamilo LMS user profiles via CSV import. When other users view these profiles, t...
Mar 2, 2026A stored cross-site scripting (XSS) vulnerability in Chamilo LMS allows privileged users to inject malicious JavaScript into the Category Name field. ...
Mar 2, 2026This vulnerability allows remote code execution in Chamilo LMS by exploiting unfiltered parameter evaluation in SOAP requests. Attackers can execute a...
Mar 2, 2026A stored cross-site scripting (XSS) vulnerability in Chamilo LMS allows teachers to inject malicious JavaScript into the glossary function, which exec...
Mar 2, 2026Chamilo LMS versions before 1.11.28 contain an unauthenticated blind Server-Side Request Forgery (SSRF) vulnerability in the OpenId function. This all...
Mar 2, 2026This vulnerability in Chamilo LMS allows attackers to manipulate the userId parameter in the deleteLegal function, leading to improper authorization. ...
Jan 18, 2026Chamilo LMS 1.11.2 fails to properly clear cached sensitive user data from the Social Network/personal_data endpoint after logout. This allows subsequ...
Jan 16, 2026Chamilo LMS 1.11.26 has an incorrect access control vulnerability in the profile management component that allows non-admin users to manipulate sensit...
Nov 4, 2024A stored cross-site scripting vulnerability in Chamilo LMS allows attackers to inject malicious JavaScript into group discussion topics. When users vi...
Nov 4, 2024Chamilo LMS 1.11.26 has an incorrect access control vulnerability where unauthenticated attackers can access sensitive information via specific API en...
Nov 4, 2024This is a Cross-Site Scripting (XSS) vulnerability in Chamilo LMS v1.11.26 that allows remote attackers to inject malicious scripts via the filename p...
Nov 1, 2024This vulnerability allows authenticated users with learner roles in Chamilo LMS to upload arbitrary PHP files through the exercise.ajax.php endpoint, ...
Nov 28, 2023This vulnerability allows authenticated users with learner roles in Chamilo LMS to upload arbitrary PHP files through the document upload functionalit...
Nov 28, 2023This vulnerability allows authenticated users with Learning Path upload permissions to execute arbitrary commands on the server through command inject...
Nov 28, 2023This vulnerability allows unauthenticated attackers to bypass file upload security in Chamilo LMS on Windows/Apache systems by uploading a malicious ....
Nov 28, 2023CVE-2023-3368 is an unauthenticated command injection vulnerability in Chamilo LMS that allows remote attackers to execute arbitrary commands on affec...
Nov 28, 2023A critical command injection vulnerability in Chamilo's wsConvertPpt component allows remote attackers to execute arbitrary commands on the server via...
Aug 1, 2023This vulnerability allows attackers to upload malicious SVG files to Chamilo LMS, which can lead to remote code execution. It affects Chamilo 1.11.* v...
Jun 13, 2023This vulnerability in Chamilo LMS allows students to access and modify other students' personal notes due to incorrect access control. It affects Cham...
Jun 8, 2023This SQL injection vulnerability in Chamilo LMS allows attackers to execute arbitrary SQL commands via the blog_id parameter. Attackers can potentiall...
Apr 15, 2022This Server-Side Request Forgery vulnerability in Chamilo LMS allows attackers to make the server send requests to internal network resources and exec...
Apr 15, 2022This CSRF vulnerability in Chamilo LMS allows attackers to trick authenticated users into executing arbitrary commands on the server by clicking a mal...
Mar 21, 2022This vulnerability allows authenticated attackers to execute arbitrary code on Chamilo LMS servers by uploading a malicious .htaccess file through the...
Dec 3, 2021CVE-2021-35414 is an unauthenticated SQL injection vulnerability in Chamilo LMS v1.11.x that allows attackers to execute arbitrary SQL commands via th...
Dec 3, 2021This SQL injection vulnerability in Chamilo LMS allows attackers to execute arbitrary SQL commands via the searchField, filters, or filters2 parameter...
Jun 28, 2021This vulnerability allows remote authenticated administrators in Chamilo LMS to upload malicious PHP files through directory traversal, leading to rem...
Apr 30, 2021Why Monitor Chamilo Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 26+ known vulnerabilities affecting Chamilo products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Chamilo packages in under 60 seconds. No agents required - completely agentless scanning that works across Chamilo deployments.
Free vulnerability database: Access detailed information about every Chamilo CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Chamilo CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
