23 matches found
CVE-2021-34187
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter...
CVE-2021-26746
Chamilo 1.11.14 allows XSS via a main/calendar/agendalist.php?type= URI...
Cilium Security Vulnerability
Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads, such as application containers or processes. A security vulnerability exists in Cilium version 1.11.14 and earlier, version 1.12.7 and earlier,...
Chamilo LMS Cross-Site Request Forgery Vulnerability (CNVD-2022-33811)
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. Chamilo LMS version 1.11.14 is vulnerable to cross-site request forgery, which can be exploited by attackers to execute arbitrary commands on the victim host via user interaction with specially...
Chamilo LMS Code Injection Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. Chamilo LMS version 1.11.14 contains a code injection vulnerability that could be exploited by attackers to execute arbitrary code via a specially crafted plug-in...
CVE-2021-40662
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL...
PT-2022-11296 · Unknown · Chamilo Lms
Name of the Vulnerable Software and Affected Versions: Chamilo LMS version 1.11.14 Description: A Cross-Site Request Forgery (CSRF) issue allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL. Recommendations: For Chamilo LMS version 1.11.14, update ...
Chamilo LMS 1.11.14 Cross Site Scripting / Account Takeover
Exploit Title: Chamilo LMS 1.11.14 - Account Takeover Date: July 21 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://chamilo.org Software Link: https://chamilo.org Version: Chamilo-lms-1.11.x Tested on: Chamilo-lms-1.11.x CVE: CVE-2021-37391 Publication:...
CVE-2021-37391
A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social...
CVE-2021-37389
Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter...
CVE-2021-37390
CVE-2021-37390 affects Chamilo LMS 1.11.14, where a reflected XSS vulnerability exists in the social search feature (main/social/search.php?q). The issue stems from input handling in the social/search path, enabling injection that could affect users who load the vulnerable page. Public references...
Chamilo LMS Cross-Site Scripting Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A cross-site scripting vulnerability exists in Chamilo LMS 1.11.14, which ste...
Chamilo LMS Cross-Site Scripting Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of content, distance training and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.14, which can be exploited by...
PT-2021-3474 · Chamilo · Chamilo
Name of the Vulnerable Software and Affected Versions: Chamilo versions prior to 1.11.14 Description: The issue is related to a lack of protection in the SQL query structure, which can be exploited to impact the confidentiality, integrity, and availability of protected information. The searchFiel...
Chamilo XML External Entity Injection Vulnerability
Chamilo is a learning management system focused on ease of use and accessibility. Chamilo version 1.11.14 suffers from an XML external entity injection vulnerability. The vulnerability stems from reading XML data without disabling the ability to load external entities in admin/userimport.php, whi...
Chamilo LMS 1.11.14 Remote Code Execution
Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated) Date: 13/05/2021 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms Version: 1.11.14 Tested on: Ubuntu 20.04.2 LTS CVE: CVE-2021-31933 Writeup:...
Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)
Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated) Date: 13/05/2021 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms Version: 1.11.14 Tested on: Ubuntu 20.04.2 LTS CVE: CVE-2021-31933 Writeup:...
Chamilo Information Disclosure Vulnerability
Chamilo is a learning management system focused on ease of use and accessibility. Chamilo version 1.11.14 suffers from an XML external entity injection vulnerability. The vulnerability stems from reading XML data without disabling the ability to load external entities in admin/userimport.php, whi...