Vulnerabilities > Chamilo > Chamilo LMS > 1.11.6

DATE CVE VULNERABILITY TITLE RISK
2023-06-08 CVE-2023-34959 Server-Side Request Forgery (SSRF) vulnerability in Chamilo LMS
An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
network
low complexity
chamilo CWE-918
5.3
5.3
2023-06-08 CVE-2023-34961 Cross-site Scripting vulnerability in Chamilo LMS
Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.
network
low complexity
chamilo CWE-79
6.1
6.1
2023-06-08 CVE-2023-34962 Unspecified vulnerability in Chamilo LMS
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes.
network
low complexity
chamilo
8.1
8.1
2022-04-15 CVE-2022-27422 Cross-site Scripting vulnerability in Chamilo LMS
A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL.
network
low complexity
chamilo CWE-79
6.1
6.1
2022-04-15 CVE-2022-27423 SQL Injection vulnerability in Chamilo LMS
Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.
network
low complexity
chamilo CWE-89
critical
 9.8
9.8
2022-04-15 CVE-2022-27426 Server-Side Request Forgery (SSRF) vulnerability in Chamilo LMS
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.
network
low complexity
chamilo CWE-918
8.8
8.8
2021-12-03 CVE-2021-35413 Missing Authorization vulnerability in Chamilo LMS
A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.
network
low complexity
chamilo CWE-862
8.8
8.8
2021-12-03 CVE-2021-35414 SQL Injection vulnerability in Chamilo LMS
Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.
network
low complexity
chamilo CWE-89
critical
 9.8
9.8
2021-12-03 CVE-2021-35415 Cross-site Scripting vulnerability in Chamilo LMS
A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields.
network
low complexity
chamilo CWE-79
4.8
4.8
2021-08-10 CVE-2021-37391 Cross-site Scripting vulnerability in Chamilo LMS
A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social network the send invitation feature.
network
low complexity
chamilo CWE-79
5.4
5.4