Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Chamilo Subscribe
Filtered by product Chamilo Lms

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4222 1 Chamilo 1 Chamilo Lms 2023-11-30 N/A 8.8 HIGH
Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
CVE-2023-4223 1 Chamilo 1 Chamilo Lms 2023-11-30 N/A 8.8 HIGH
Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVE-2023-4221 1 Chamilo 1 Chamilo Lms 2023-11-30 N/A 8.8 HIGH
Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
CVE-2023-4224 1 Chamilo 1 Chamilo Lms 2023-11-30 N/A 8.8 HIGH
Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVE-2023-4225 1 Chamilo 1 Chamilo Lms 2023-11-30 N/A 8.8 HIGH
Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVE-2023-4226 1 Chamilo 1 Chamilo Lms 2023-11-30 N/A 8.8 HIGH
Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVE-2022-27421 1 Chamilo 1 Chamilo Lms 2023-08-08 6.5 MEDIUM 7.2 HIGH
Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.
CVE-2021-35413 1 Chamilo 1 Chamilo Lms 2022-07-12 6.0 MEDIUM 8.8 HIGH
A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.
CVE-2022-27426 1 Chamilo 1 Chamilo Lms 2022-04-25 6.5 MEDIUM 8.8 HIGH
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.
CVE-2020-23127 1 Chamilo 1 Chamilo Lms 2021-05-07 6.8 MEDIUM 8.8 HIGH
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
CVE-2012-4030 1 Chamilo 1 Chamilo Lms 2020-01-15 6.4 MEDIUM 7.5 HIGH
Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files.
CVE-2018-20329 1 Chamilo 1 Chamilo Lms 2019-01-07 5.5 MEDIUM 8.1 HIGH
Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.