Vulnerabilities > Chamilo > Chamilo LMS > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-06-13 CVE-2023-34944 Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.
network
low complexity
chamilo CWE-434
critical
 9.8
9.8
2022-04-15 CVE-2022-27423 SQL Injection vulnerability in Chamilo LMS
Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.
network
low complexity
chamilo CWE-89
critical
 9.8
9.8
2021-12-03 CVE-2021-35414 SQL Injection vulnerability in Chamilo LMS
Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.
network
low complexity
chamilo CWE-89
critical
 9.8
9.8
2019-06-30 CVE-2019-13082 Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS 1.11.8
Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature.
network
low complexity
chamilo CWE-434
critical
 9.8
9.8
2018-07-23 CVE-2018-1999019 Code Injection vulnerability in Chamilo LMS
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution.
network
low complexity
chamilo CWE-94
critical
 9.8
9.8