Lucene search
K

179 matches found

CNNVD
CNNVD
added 2026/04/10 12:0 a.m.10 views

Chamilo LMS 安全特征问题漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.38 and 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilitie...

7.5CVSS5.9AI score0.00288EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Prior to version 1.11.38, Chamilo LMS had a security vulnerability. This vulnerability stemmed from the REST API...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Prior to version 1.11.38, Chamilo LMS had security vulnerabilities. These vulnerabilities stemmed from a chained...

9.8CVSS5.9AI score0.00321EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.7 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilities stemmed fr...

8.8CVSS6AI score0.00319EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

Chamilo LMS 跨站脚本漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained a cross-site scripting vulnerability. This vulnerability...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.7 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.38 and 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilitie...

7.1CVSS5.9AI score0.0028EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.5 views

PT-2026-31999

Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file feletion. User input from $ REQUEST'test' is concatenated directly into filesystem path without canonicalization or traversal checks. This vulnerabili...

8.3CVSS5.9AI score0.0035EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.14 views

PT-2026-32011

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.38 and prior to 2.0.0-RC.3 Description Chamilo LMS, a learning management system, contains an Open Redirect flaw in the session course edit page. An attacker can redirect an authenticated administrator to an...

4.7CVSS5.9AI score0.00178EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.5 views

PT-2026-32023

Chamilo LMS is a learning management system. Prior to 1.11.38, the get user info from username REST API endpoint returns personal information email, first name, last name, user ID, active status of any user to any authenticated user, including students. There is no authorization check. This...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.9 views

PT-2026-32014

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.38 Description Chamilo LMS is a learning management system. A chained attack can enable otherwise-blocked PHP code from the main/install/ directory, allowing an unauthenticated attacker to modify existing fil...

9.3CVSS5.8AI score0.00321EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.11 views

Chamilo LMS 输入验证错误漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS from 1.11.0 to 2.0-beta.1 contain a vulnerability related to input validation errors. Th...

4.7CVSS5.8AI score0.00165EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.5 views

CVE-2026-30881

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

8.8CVSS5.9AI score0.00276EPSS
Exploits0References1
NVD
NVD
added 2026/03/16 8:16 p.m.7 views

CVE-2026-30881

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

8.8CVSS0.00276EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 8:16 p.m.7 views

CVE-2026-28430

Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the customdates parameter. By chaining this with a predictable legacy password reset mechanism, an...

9.8CVSS0.00329EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/16 7:21 p.m.3 views

EUVD-2026-12514

Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting XSS vulnerability in the session category listing page. The keyword parameter from $REQUEST is echoed directly into an HTML href attribute without any encoding or...

6.1CVSS5.8AI score0.00194EPSS
Exploits0References2
CVE
CVE
added 2026/03/16 7:21 p.m.12 views

CVE-2026-30882

Chamilo LMS (versions ...). The issue is triggered when pagination controls render (more than 20 session categories). A fix is available in version 1.11.36, which patches this vulnerability. If you cannot upgrade, apply an input sanitization/encoding workaround for the affected parameter and revi...

6.1CVSS5.8AI score0.00194EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/16 7:18 p.m.23 views

CVE-2026-30876 Chamilo LMS: User enumeration vulnerability via response

Chamilo LMS is a learning management system. Prior to version 1.11.36, Chamilo is vulnerable to user enumeration with valid/invalid username. This issue has been patched in version 1.11.36...

6.3CVSS0.00205EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/16 7:18 p.m.11 views

CVE-2026-30876 Chamilo LMS: User enumeration vulnerability via response

Chamilo LMS is a learning management system. Prior to version 1.11.36, Chamilo is vulnerable to user enumeration with valid/invalid username. This issue has been patched in version 1.11.36...

6.3CVSS5.7AI score0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/16 7:18 p.m.3 views

EUVD-2026-12498

Chamilo LMS is a learning management system. Prior to version 1.11.36, Chamilo is vulnerable to user enumeration with valid/invalid username. This issue has been patched in version 1.11.36...

6.3CVSS5.7AI score0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/16 7:13 p.m.23 views

CVE-2026-28430 Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamiko-lms model.ajax.php

Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the customdates parameter. By chaining this with a predictable legacy password reset mechanism, an...

9.3CVSS0.00329EPSS
Exploits0References2
Rows per page
Query Builder