Vulnerabilities > Chamilo > Chamilo > 1.11.14

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2023-07-07 | CVE-2023-37067 | Cross-site Scripting vulnerability in Chamilo | Chamilo 1.11.x up to 1.11.20 allows users with an admin-privilege account to insert XSS in the classes/usergroups management section. | network, low complexity, chamilo, CWE-79 | 4.8 |
| 2022-04-15 | CVE-2022-27425 | Cross-site Scripting vulnerability in Chamilo | Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php. | network, chamilo, CWE-79 | 4.3 |
| 2022-03-21 | CVE-2021-38745 | Code Injection vulnerability in Chamilo 1.11.14 | Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. | network, high complexity, chamilo, CWE-94 | 4.6 |
| 2022-03-21 | CVE-2021-40662 | Cross-Site Request Forgery (CSRF) vulnerability in Chamilo 1.11.14 | A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL. | network, chamilo, CWE-352 | 6.8 |
| 2021-12-01 | CVE-2021-43687 | Cross-site Scripting vulnerability in Chamilo 1.11.14 | chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie. | network, chamilo, CWE-79 | 4.3 |
| 2021-08-10 | CVE-2021-37389 | Cross-site Scripting vulnerability in Chamilo 1.11.14 | Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter. | network, chamilo, CWE-79 | 4.3 |
| 2021-06-28 | CVE-2021-34187 | SQL Injection vulnerability in Chamilo | main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter. | network, low complexity, chamilo, CWE-89 | 7.5 |
| 2021-05-13 | CVE-2021-32925 | Information Exposure vulnerability in Chamilo | admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities. | network, low complexity, chamilo, CWE-200 | 5.5 |
| 2021-04-30 | CVE-2021-31933 | Improper Input Validation vulnerability in Chamilo | A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). | network, low complexity, chamilo, CWE-20 | 6.5 |
| 2021-02-19 | CVE-2021-26746 | Cross-site Scripting vulnerability in Chamilo 1.11.14 | Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. | network, chamilo, CWE-79 | 4.3 |