Chamilo 跨站脚本漏洞

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient input validation in social networking and internal messaging functions, which could lead to...

CVE-2024-47886

CVE-2024-47886 affects Chamilo (LMS). A post-authentication phar unserialize bug in the virtualization plugin (vchamilo) allows an administrator to execute arbitrary code on the server, via features exposed by the plugin, in versions 1.11.12–1.11.26. The issue is mitigated by upgrading to version...

PT-2023-25073 · Chamilo · Chamilo

Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11. up to 1.11.18 Description: The issue allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID, due to incorrect access control. Recommendations: For...

PT-2023-25074 · Chamilo · Chamilo

Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11. up to 1.11.18 Description: The issue allows attackers to execute a Server-Side Request Forgery SSRF and obtain information on the services running on the server via crafted requests in the social and links tools...