CVE-2023-34962

Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes...

CVE-2023-34959

An issue in Chamilo v1.11. up to v1.11.18 allows attackers to execute a Server-Side Request Forgery SSRF and obtain information on the services running on the server via crafted requests in the social and links tools...

Improper access control

Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes...

CVE-2022-40407

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file...

CVE-2022-40407

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file...

Unrestricted file upload

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file...

CVE-2022-40407

CVE-2022-40407 concerns Chamilo LMS, affecting version 1.11. The connected documents describe a zip-slip vulnerability in Chamilo’s file-upload function that enables remote code execution via a crafted Zip file. The underlying issue is a zip-slip extraction flaw in the upload handling, leading to...

CVE-2022-40407

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file...

CVE-2022-40407

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file...