Unrestricted file upload in /main/inc/ajax/work.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...
CVSS 8.8 | AI Score 8.2 | EPSS 0.003
Unrestricted file upload in /main/inc/ajax/exercise.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...
CVSS 8.8 | AI Score 8.2 | EPSS 0.003
Unrestricted file upload in /main/inc/ajax/dropbox.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...
CVSS 8.8 | AI Score 8.2 | EPSS 0.003
Unrestricted file upload in /main/inc/ajax/document.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...
CVSS 8.8 | AI Score 8.2 | EPSS 0.003
Command injection in main/lp/openoffice_text_document.class.php in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special...
CVSS 8.8 | AI Score 8.7 | EPSS 0.002
Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web...
CVSS 6.1 | AI Score 7.7 | EPSS 0.002
Command injection in main/lp/openoffice_presentation.class.php in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special...
CVSS 8.8 | AI Score 8.7 | EPSS 0.002
Path traversal in file upload functionality in /main/webservices/additional_webservices.php in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file...
CVSS 9.8 | AI Score 9.2 | EPSS 0.004
Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of .htaccess file. This vulnerability may be exploite...
CVSS 9.8 | AI Score 9.9 | EPSS 0.004
Command injection in /main/webservices/additional_webservices.php in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of...
CVSS 9.8 | AI Score 8.3 | EPSS 0.908
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary...
CVSS 3.5 | AI Score 4.9 | EPSS 0.001
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint...
CVSS 9.8 | AI Score 9.6 | EPSS 0.934
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills...
CVSS 4.8 | AI Score 4.8 | EPSS 0.0004
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management...
CVSS 4.8 | AI Score 4.8 | EPSS 0.0004
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management...
CVSS 4.8 | AI Score 4.8 | EPSS 0.0004
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management...
CVSS 4.8 | AI Score 4.8 | EPSS 0.0004
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories'...
CVSS 4.8 | AI Score 4.8 | EPSS 0.0004
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management...
CVSS 4.8 | AI Score 4.8 | EPSS 0.0004
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management...
CVSS 4.8 | AI Score 4.8 | EPSS 0.0004
Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web...
CVSS 8.8 | AI Score 8.3 | EPSS 0.001
A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip...
CVSS 8.8 | AI Score 8.8 | EPSS 0.004
Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component...
CVSS 6.1 | AI Score 6 | EPSS 0.001
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile...
CVSS 6.8 | AI Score 7 | EPSS 0.001
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted...
CVSS 8.8 | AI Score 9 | EPSS 0.004
chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the...
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port...
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2...
CVSS 9.8 | AI Score 9.8 | EPSS 0.011
admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external...
CVSS 6.5 | AI Score 6.4 | EPSS 0.003
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file...
CVSS 7.2 | AI Score 7.3 | EPSS 0.026
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory...
CVSS 6.1 | AI Score 5.8 | EPSS 0.003
Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php...
CVSS 6.1 | AI Score 6.4 | EPSS 0.001
CVSS 6.1 | AI Score 6.8 | EPSS 0.001