Vulnerabilities > Chamilo

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-28	CVE-2021-34187	SQL Injection vulnerability in Chamilo main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter. network low complexity chamilo CWE-89	7.5
2021-05-13	CVE-2021-32925	Information Exposure vulnerability in Chamilo admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities. network low complexity chamilo CWE-200	5.5
2021-05-06	CVE-2020-23127	Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.10 Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user. network chamilo CWE-352	6.8
2021-05-06	CVE-2020-23128	Improper Privilege Management vulnerability in Chamilo LMS 1.11.10 Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege. network low complexity chamilo CWE-269	4.0
2021-04-30	CVE-2021-31933	Improper Input Validation vulnerability in Chamilo A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). network low complexity chamilo CWE-20	6.5
2021-02-19	CVE-2021-26746	Cross-site Scripting vulnerability in Chamilo 1.11.14 Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. network chamilo CWE-79	4.3
2020-02-08	CVE-2012-4029	Cross-site Scripting vulnerability in Chamilo Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action. network chamilo CWE-79	4.3
2020-01-30	CVE-2013-0739	Cross-site Scripting vulnerability in Chamilo 1.9.4 Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script. network chamilo CWE-79	4.3
2020-01-30	CVE-2013-0738	Cross-site Scripting vulnerability in Chamilo 1.9.4 Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php. network chamilo CWE-79	4.3
2020-01-10	CVE-2012-4030	Improper Input Validation vulnerability in Chamilo LMS Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files. network low complexity chamilo CWE-20	6.4

Vulnerabilities > Chamilo {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Chamilo"}]}

Vulnerabilities > Chamilo