16 matches found
CVE-2025-50187
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28...
CVE-2024-50337
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28...
CVE-2025-50187
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28...
CVE-2024-50337
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28...
CVE-2025-50187 Chamilo: Evaluation of untrusted user input leads to Remote Code Execution
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28...
CVE-2025-50187
CVE-2025-50187 affects Chamilo LMS. Prior to version 1.11.28, input from a SOAP request is evaluated without proper filtering, allowing Remote Code Execution via untrusted user input in the affected parameter. The vulnerability is rated with a high/critical impact (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/...
CVE-2025-50187 Chamilo: Evaluation of untrusted user input leads to Remote Code Execution
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28...
CVE-2025-50187
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28...
EUVD-2024-55456
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28...
CVE-2024-50337
CVE-2024-50337 affects Chamilo LMS prior to version 1.11.28, where the OpenId function allows unauthenticated requests to arbitrary URLs on the server, resulting in unauthenticated blind SSRF. Multiple sources (NVD, Red Hat advisory, CVE records) confirm the issue and its patch in 1.11.28. Affect...
CVE-2024-50337 Chamilo: Potential unauthenticated blind SSRF via openid function
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28...
PT-2026-22589
Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.28 Description Chamilo is a learning management system. A flaw exists where a parameter from a SOAP request is evaluated without proper filtering, potentially leading to Remote Code Execution. The issue was...
Chamilo 安全漏洞
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.28 contained security vulnerabilities; these vulnerabilities stemmed from unfiltered SOAP request parameters, which could lead to remote code execution...
Chamilo LMS 安全漏洞
Chamilo LMS is an open source online learning and collaboration system from Chamilo Open Source. The system supports the creation of instructional content, remote training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.28, which stems from th...
Django SQL Injection Vulnerability (CNVD-2020-04524)
Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes object-oriented mapper , view system , template system and so on. A SQL injection vulnerability exists in Django versions 1.11 before 1.11.28, 2.2 before 2.2.10, an...
Django -- potential SQL injection vulnerability
MITRE CVE reports: Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitabl...