Vulnerabilities > Chamilo

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTRIBUTES | RISK |
|---|---|---|---|---|---|
| 2023-05-09 | CVE-2023-31804 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 | Cross Site Scripting vulnerability found in Chamilo LMS v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters. | network, low complexity, chamilo, CWE-79 | 5.4 |
| 2023-05-09 | CVE-2023-31805 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 | Cross Site Scripting vulnerability found in Chamilo LMS v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function. | network, low complexity, chamilo, CWE-79 | 4.8 |
| 2023-05-09 | CVE-2023-31806 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 | Cross Site Scripting vulnerability found in Chamilo LMS v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. | network, low complexity, chamilo, CWE-79 | 5.4 |
| 2023-05-09 | CVE-2023-31807 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 | Cross Site Scripting vulnerability found in Chamilo LMS v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function. | network, low complexity, chamilo, CWE-79 | 5.4 |
| 2022-10-17 | CVE-2022-42029 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo 1.11.16 | Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory. | network, low complexity, chamilo, CWE-434 | 8.8 |
| 2022-09-29 | CVE-2022-40407 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo 1.11 | A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file. | network, low complexity, chamilo, CWE-434 | 8.8 |
| 2022-04-15 | CVE-2022-27421 | Improper Input Validation vulnerability in Chamilo LMS 1.11.14/1.11.16/1.11.18 | Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin. | network, low complexity, chamilo, CWE-20 | 7.2 |
| 2022-04-15 | CVE-2022-27422 | Cross-site Scripting vulnerability in Chamilo LMS | A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL. | network, chamilo, CWE-79 | 4.3 |
| 2022-04-15 | CVE-2022-27423 | SQL Injection vulnerability in Chamilo LMS | Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php. | network, low complexity, chamilo, CWE-89 | 7.5 |
| 2022-04-15 | CVE-2022-27425 | Cross-site Scripting vulnerability in Chamilo | Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php. | network, chamilo, CWE-79 | 4.3 |