Chamilo: >> Chamilo Security Vulnerabilities
Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write.
CVSS Score
9.8
EPSS Score
0.032
Published
2023-11-28
Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution.
CVSS Score
9.8
EPSS Score
0.03
Published
2023-11-28
Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.
CVSS Score
9.8
EPSS Score
0.89
Published
2023-11-28
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.
CVSS Score
3.5
EPSS Score
0.01
Published
2023-08-21
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
CVSS Score
9.8
EPSS Score
0.94
Published
2023-08-01
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section.
CVSS Score
4.8
EPSS Score
0.003
Published
2023-07-07
Page 1