Vulnerabilities > Chamilo

DATE CVE VULNERABILITY TITLE RISK
2023-09-01 CVE-2023-39582 SQL Injection vulnerability in Chamilo LMS
SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions.
network
low complexity
chamilo CWE-89
4.9
2023-08-21 CVE-2023-39061 Cross-Site Request Forgery (CSRF) vulnerability in Chamilo
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.
network
low complexity
chamilo CWE-352
3.5
2023-08-01 CVE-2023-34960 Command Injection vulnerability in Chamilo
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
network
low complexity
chamilo CWE-77
critical
9.8
2023-07-07 CVE-2023-37061 Cross-site Scripting vulnerability in Chamilo
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section.
network
low complexity
chamilo CWE-79
4.8
2023-07-07 CVE-2023-37062 Cross-site Scripting vulnerability in Chamilo
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition.
network
low complexity
chamilo CWE-79
4.8
2023-07-07 CVE-2023-37063 Cross-site Scripting vulnerability in Chamilo
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section.
network
low complexity
chamilo CWE-79
4.8
2023-07-07 CVE-2023-37064 Cross-site Scripting vulnerability in Chamilo
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.
network
low complexity
chamilo CWE-79
4.8
2023-07-07 CVE-2023-37065 Cross-site Scripting vulnerability in Chamilo
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section.
network
low complexity
chamilo CWE-79
4.8
2023-07-07 CVE-2023-37066 Cross-site Scripting vulnerability in Chamilo
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel.
network
low complexity
chamilo CWE-79
4.8
2023-07-07 CVE-2023-37067 Cross-site Scripting vulnerability in Chamilo
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section.
network
low complexity
chamilo CWE-79
4.8