Lucene search
K

59 matches found

Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.5 views

PT-2026-32023

Chamilo LMS is a learning management system. Prior to 1.11.38, the get user info from username REST API endpoint returns personal information email, first name, last name, user ID, active status of any user to any authenticated user, including students. There is no authorization check. This...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Prior to version 1.11.38, Chamilo LMS had security vulnerabilities. These vulnerabilities stemmed from a chained...

9.8CVSS5.9AI score0.00321EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.10 views

Chamilo LMS 安全特征问题漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.38 and 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilitie...

7.5CVSS5.9AI score0.00288EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

Chamilo LMS 跨站脚本漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained a cross-site scripting vulnerability. This vulnerability...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.5 views

PT-2026-32002

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 2.0.0-RC.3 Description Chamilo LMS, a learning management system, contains a Reflected Cross-Site Scripting XSS issue in the exercise question list admin panel. The vulnerability occurs because the pagination code...

5.4CVSS6.1AI score0.00141EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.6 views

PT-2026-32010

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.38 and prior to 2.0.0-RC.3 Description Chamilo LMS, a learning management system, contains a file upload issue in the exercise sound upload function. An authenticated teacher can upload a PHP webshell by...

7.5CVSS5.9AI score0.00495EPSS
Exploits0References6
NVD
NVD
added 2026/03/16 8:16 p.m.6 views

CVE-2026-30881

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

8.8CVSS0.00276EPSS
Exploits0References2
CVE
CVE
added 2026/03/16 7:21 p.m.12 views

CVE-2026-30882

Chamilo LMS (versions ...). The issue is triggered when pagination controls render (more than 20 session categories). A fix is available in version 1.11.36, which patches this vulnerability. If you cannot upgrade, apply an input sanitization/encoding workaround for the affected parameter and revi...

6.1CVSS5.8AI score0.00194EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/16 7:18 p.m.3 views

EUVD-2026-12498

Chamilo LMS is a learning management system. Prior to version 1.11.36, Chamilo is vulnerable to user enumeration with valid/invalid username. This issue has been patched in version 1.11.36...

6.3CVSS5.7AI score0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/16 7:13 p.m.22 views

CVE-2026-28430 Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamiko-lms model.ajax.php

Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the customdates parameter. By chaining this with a predictable legacy password reset mechanism, an...

9.3CVSS0.00329EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.5 views

PT-2026-25807

Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting XSS vulnerability in the session category listing page. The keyword parameter from $ REQUEST is echoed directly into an HTML href attribute without any encoding or...

6.1CVSS5.8AI score0.00194EPSS
Exploits0References3
CVE
CVE
added 2026/03/06 3:27 a.m.14 views

CVE-2025-59540

CVE-2025-59540 affects Chamilo LMS prior to version 1.11.34. A stored cross-site scripting (XSS) vulnerability exists in the feedback input on the exercise history page, where unencoded input can be stored in the database and later rendered, enabling arbitrary JavaScript execution in the browser ...

6.4CVSS6.1AI score0.00177EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.5 views

PT-2026-23631

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.34 Description Chamilo is a learning management system with a stored cross-site scripting XSS issue. The issue exists in the platform’s social network and internal messaging features. An attacker can inject...

9CVSS5.8AI score0.00299EPSS
Exploits0References6
OSV
OSV
added 2026/03/05 8:58 p.m.4 views

CVE-2025-55208 Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files

Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in Social Networks. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin account. Version 1.11.34 fixes the issue...

9CVSS6.2AI score0.00307EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/02 2:47 p.m.25 views

CVE-2025-50188 Error-based SQL Injection in Chamilo LMS

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an...

7CVSS0.00708EPSS
Exploits1References3
OSV
OSV
added 2026/03/02 2:47 p.m.6 views

CVE-2025-50188 Error-based SQL Injection in Chamilo LMS

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an...

7CVSS6AI score0.00708EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.7 views

PT-2026-22621

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...

6.9CVSS5.9AI score0.00192EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

Chamilo LMS 代码问题漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Version 1.11.8 of Chamilo LMS contains a code vulnerability. This vulnerability stems from the elfinder file...

8.8CVSS6.2AI score0.00376EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.5 views

Chamilo LMS security vulnerabilities

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Version 1.11.2 of Chamilo LMS contains a security vulnerability. This vulnerability stems from insufficient...

5.5CVSS5.8AI score0.00213EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.4 views

CVE-2023-4224

Unrestricted file upload in /main/inc/ajax/dropbox.ajax.php in Chamilo LMS = v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files...

8.8CVSS8.2AI score0.01828EPSS
Exploits1References1
Rows per page
Query Builder