Chamilo LMS 代码注入漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Prior to version 1.11.36 of Chamilo LMS, there was a code injection vulnerability. This vulnerability stemmed fr...

EUVD-2023-38983

Malicious code in bioql PyPI...

PT-2022-26210 · Chamilo · Chamilo

Name of the Vulnerable Software and Affected Versions: Chamilo version 1.11.16 Description: The issue allows authenticated users with access to 'big file uploads' to copy or move files from anywhere in the file system into the web directory. This is due to an authenticated local file inclusion...

PT-2022-25370 · Chamilo · Chamilo

Name of the Vulnerable Software and Affected Versions: Chamilo version 1.11 Description: A zip slip vulnerability in the file upload function allows attackers to execute arbitrary code via a crafted Zip file. Recommendations: For Chamilo version 1.11, update to a version that fixes the zip slip...

CVE-2021-26746

Chamilo 1.11.14 allows XSS via a main/calendar/agendalist.php?type= URI...