Vulnerabilities > Chamilo > Chamilo LMS > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-28 CVE-2023-4220 Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
network
low complexity
chamilo CWE-434
6.1
6.1
2023-09-01 CVE-2023-39582 SQL Injection vulnerability in Chamilo LMS
SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions.
network
low complexity
chamilo CWE-89
4.9
4.9
2023-06-08 CVE-2023-34958 Unspecified vulnerability in Chamilo LMS
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.
network
low complexity
chamilo
4.3
4.3
2023-06-08 CVE-2023-34959 Server-Side Request Forgery (SSRF) vulnerability in Chamilo LMS
An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
network
low complexity
chamilo CWE-918
5.3
5.3
2023-06-08 CVE-2023-34961 Cross-site Scripting vulnerability in Chamilo LMS
Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.
network
low complexity
chamilo CWE-79
6.1
6.1
2023-05-09 CVE-2023-31799 Cross-site Scripting vulnerability in Chamilo LMS 1.11.18
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter.
network
low complexity
chamilo CWE-79
4.8
4.8
2023-05-09 CVE-2023-31800 Cross-site Scripting vulnerability in Chamilo LMS 1.11.18
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.
network
low complexity
chamilo CWE-79
5.4
5.4
2023-05-09 CVE-2023-31801 Cross-site Scripting vulnerability in Chamilo LMS 1.11.18
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.
network
low complexity
chamilo CWE-79
6.1
6.1
2023-05-09 CVE-2023-31802 Cross-site Scripting vulnerability in Chamilo LMS 1.11.18
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.
network
low complexity
chamilo CWE-79
5.4
5.4
2023-05-09 CVE-2023-31803 Cross-site Scripting vulnerability in Chamilo LMS 1.11.18
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters.
network
low complexity
chamilo CWE-79
4.8
4.8