Vulnerabilities > Chamilo > Chamilo LMS > 1.11.6

DATE CVE VULNERABILITY TITLE RISK
2019-02-04 CVE-2019-1000017 Missing Authorization vulnerability in Chamilo LMS
Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls.
network
low complexity
chamilo CWE-862
4.0
4.0
2019-02-04 CVE-2019-1000015 Cross-site Scripting vulnerability in Chamilo LMS
Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS to steal cookies.
network
chamilo CWE-79
4.3
4.3
2018-07-23 CVE-2018-1999019 Code Injection vulnerability in Chamilo LMS
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution.
network
low complexity
chamilo CWE-94
7.5
7.5