Vulnerabilities > Chamilo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-09 | CVE-2023-31804 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters. | 5.4 |
| 2023-05-09 | CVE-2023-31805 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function. | 4.8 |
| 2023-05-09 | CVE-2023-31806 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. | 5.4 |
| 2023-05-09 | CVE-2023-31807 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function. | 5.4 |
| 2022-10-17 | CVE-2022-42029 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo 1.11.16 Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory. | 8.8 |
| 2022-09-29 | CVE-2022-40407 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo 1.11 A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file. | 8.8 |
| 2022-04-15 | CVE-2022-27421 | Improper Input Validation vulnerability in Chamilo LMS Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin. | 7.2 |
| 2022-04-15 | CVE-2022-27422 | Cross-site Scripting vulnerability in Chamilo LMS A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL. | 6.1 |
| 2022-04-15 | CVE-2022-27423 | SQL Injection vulnerability in Chamilo LMS Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php. | 9.8 |
| 2022-04-15 | CVE-2022-27425 | Cross-site Scripting vulnerability in Chamilo Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php. | 6.1 |