Lucene search
K

180 matches found

Cvelist
Cvelist
added 2026/03/16 7:13 p.m.24 views

CVE-2026-28430 Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamiko-lms model.ajax.php

Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the customdates parameter. By chaining this with a predictable legacy password reset mechanism, an...

9.3CVSS0.00329EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 7:13 p.m.8 views

CVE-2026-28430 Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamiko-lms model.ajax.php

Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the customdates parameter. By chaining this with a predictable legacy password reset mechanism, an...

9.3CVSS6.2AI score0.00329EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.6 views

PT-2026-25807

Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting XSS vulnerability in the session category listing page. The keyword parameter from $ REQUEST is echoed directly into an HTML href attribute without any encoding or...

6.1CVSS5.8AI score0.00194EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.4 views

CVE-2025-59544

Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "categoryid" parameter which allows users to update the category of any user by replacing the "categoryid" parameter. This issue...

6.9CVSS5.7AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.5 views

CVE-2025-59540

Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of higher-privileged admin users. The issue arises because feedback input in the exercise history page is...

6.4CVSS6AI score0.00177EPSS
Exploits0References1
NVD
NVD
added 2026/03/06 4:16 a.m.9 views

CVE-2026-29041

Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not...

8.8CVSS0.00729EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 4:16 a.m.6 views

CVE-2025-59544

Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "categoryid" parameter which allows users to update the category of any user by replacing the "categoryid" parameter. This issue...

6.9CVSS0.00167EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 4:16 a.m.6 views

CVE-2025-59540

Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of higher-privileged admin users. The issue arises because feedback input in the exercise history page is...

6.4CVSS0.00177EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/06 3:32 a.m.33 views

CVE-2026-29041 Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload

Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not...

8.8CVSS0.00729EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/06 3:27 a.m.30 views

CVE-2025-59540 Chamilo: Stored Cross-Site Scripting (XSS) in Chamilo LMS Exercise Feedback

Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of higher-privileged admin users. The issue arises because feedback input in the exercise history page is...

6.4CVSS0.00177EPSS
Exploits0References2
CVE
CVE
added 2026/03/06 3:27 a.m.17 views

CVE-2025-59540

CVE-2025-59540 affects Chamilo LMS prior to version 1.11.34. A stored cross-site scripting (XSS) vulnerability exists in the feedback input on the exercise history page, where unencoded input can be stored in the database and later rendered, enabling arbitrary JavaScript execution in the browser ...

6.4CVSS6.1AI score0.00177EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/06 3:27 a.m.6 views

EUVD-2025-208337

Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of higher-privileged admin users. The issue arises because feedback input in the exercise history page is...

6.4CVSS6.1AI score0.00177EPSS
Exploits0References2
CVE
CVE
added 2026/03/06 3:27 a.m.12 views

CVE-2025-55289

Chamilo LMS has a stored XSS vulnerability in the social network and internal messaging features present in versions prior to 1.11.34. The issue allows an attacker to inject arbitrary JavaScript that executes in the browser of an authenticated user (including administrators) when viewing the inje...

9CVSS5.9AI score0.00299EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/06 3:27 a.m.32 views

CVE-2025-55289 Chamilo: Stored Cross Site Scripting in Skills Argumentation

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored XSS vulnerability in Chamilo LMS Verison 1.11.32 allows an attacker to inject arbitrary JavaScript into the platform’s social network and internal messaging features. When viewed by an authenticated user includin...

8.8CVSS0.00299EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.5 views

PT-2026-23631

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.34 Description Chamilo is a learning management system with a stored cross-site scripting XSS issue. The issue exists in the platform’s social network and internal messaging features. An attacker can inject...

9CVSS5.8AI score0.00299EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.5 views

PT-2026-23634

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.34 Description Chamilo LMS is susceptible to an authenticated remote code execution issue stemming from insufficient validation of uploaded files. The application depends on MIME-type verification for file upload...

8.8CVSS6.5AI score0.00729EPSS
Exploits0References8
CVE
CVE
added 2026/03/05 8:58 p.m.17 views

CVE-2025-55208

Summary: CVE-2025-55208 affects Chamilo LMS prior to 1.11.34. A Stored XSS via insecure file uploads in the Social Networks feature allows a low-privilege user to execute arbitrary code in the admin inbox, enabling admin account takeover. The issue is fixed in version 1.11.34. The provided metric...

9CVSS6.3AI score0.00307EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/05 8:58 p.m.31 views

CVE-2025-55208 Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files

Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in Social Networks. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin account. Version 1.11.34 fixes the issue...

9CVSS0.00307EPSS
Exploits0References1
OSV
OSV
added 2026/03/05 8:58 p.m.4 views

CVE-2025-55208 Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files

Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in Social Networks. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin account. Version 1.11.34 fixes the issue...

9CVSS6.2AI score0.00307EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.5 views

PT-2026-23510

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.34 Description Chamilo, a learning management system, contains a Stored Cross-Site Scripting XSS issue stemming from insecure file uploads within the Social Networks feature. A user with limited privileges can...

9CVSS6AI score0.00307EPSS
Exploits0References7
Rows per page
Query Builder