Vulnerabilities
Vulnerable Software
Chamilo:  >> Chamilo Lms  Security Vulnerabilities
Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
CVSS Score
7.2
EPSS Score
0.015
Published
2023-11-28
Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVSS Score
8.8
EPSS Score
0.026
Published
2023-11-28
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
CVSS Score
8.1
EPSS Score
0.93
Published
2023-11-28
Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
CVSS Score
7.2
EPSS Score
0.015
Published
2023-11-28
SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions.
CVSS Score
4.9
EPSS Score
0.001
Published
2023-09-01
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-06-13
An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-06-08
Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-06-08
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes.
CVSS Score
8.1
EPSS Score
0.002
Published
2023-06-08
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-06-08


Contact Us

Shodan ® - All rights reserved