Vulnerabilities > Chamilo > High

DATE CVE VULNERABILITY TITLE RISK
2022-04-15 CVE-2022-27423 SQL Injection vulnerability in Chamilo LMS
Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.
network
low complexity
chamilo CWE-89
7.5
7.5
2021-12-03 CVE-2021-35414 SQL Injection vulnerability in Chamilo LMS
Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.
network
low complexity
chamilo CWE-89
7.5
7.5
2021-06-28 CVE-2021-34187 SQL Injection vulnerability in Chamilo
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.
network
low complexity
chamilo CWE-89
7.5
7.5
2019-06-30 CVE-2019-13082 Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS 1.11.8
Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature.
network
low complexity
chamilo CWE-434
7.5
7.5
2018-07-23 CVE-2018-1999019 Code Injection vulnerability in Chamilo LMS
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution.
network
low complexity
chamilo CWE-94
7.5
7.5