5 matches found
CVE-2026-32932
Chamilo LMS (affected versions: < 1.11.38 and
CVE-2026-32932 Chamilo LMS has an Open Redirect via Unvalidated 'page' Parameter in Session Course Edit
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks th...
CVE-2022-50898 NanoCMS 0.4 - Remote Code Execution (RCE) (Authenticated)
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper...
PT-2026-2374
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper...
Oracle WebCenter Interaction Portal AjaxControl Component Denial of Service Vulnerability
Oracle WebCenter Interaction is an Oracle suite for creating enterprise portals, collaborative communities, portfolio applications, and social applications.Oracle WebCenter Interaction Portal is an administrative interface.AjaxControl AjaxControl is one of the Ajax control components. A denial of...