Chamilo: >> Chamilo Security Vulnerabilities
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-10-17
A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.
CVSS Score
8.8
EPSS Score
0.011
Published
2022-09-29
Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-04-15
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL.
CVSS Score
8.8
EPSS Score
0.008
Published
2022-03-21
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.
CVSS Score
6.8
EPSS Score
0.015
Published
2022-03-21
chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.
CVSS Score
6.1
EPSS Score
0.01
Published
2021-12-01
Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-08-10
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.
CVSS Score
9.8
EPSS Score
0.851
Published
2021-06-28