Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2026/04/10 6:1 p.m.4 views

CVE-2026-33141 Chamilo LMS has an IDOR in REST API Stats Endpoint Exposes Any User's Learning Data

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the REST API stats endpoint allows any authenticated user including low-privilege students with ROLEUSER to read any other user's learning progress, certificates, and...

6.5CVSS5.8AI score0.00141EPSS
Exploits0References2
CVE
CVE
added 2026/03/06 3:32 a.m.14 views

CVE-2026-29041

Chamilo LMS is affected prior to version 1.11.34 by an authenticated remote code execution flaw due to inadequate validation of uploaded files. The system relies on MIME-type checks and does not properly validate file extensions or enforce safe storage, allowing an authenticated low-privileged us...

8.8CVSS6.6AI score0.00729EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/05 8:58 p.m.3 views

CVE-2025-55208

Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in Social Networks. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin account. Version 1.11.34 fixes the issue...

9CVSS6.3AI score0.00307EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/02 2:39 p.m.28 views

CVE-2025-52482 Chamilo: Stored XSS in glossary function via /main/glossary/index.php trigger in /main/tracking/course_log_resources.php

Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30...

8.3CVSS0.00373EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.6 views

PT-2026-22587

Name of the Vulnerable Software and Affected Versions Chamilo versions 1.11.12 through 1.11.26 Description Chamilo is a learning management system affected by a post-authentication PHP unserialize issue that can lead to remote code execution RCE. The vulnerability allows an administrator to execu...

8.7CVSS6.8AI score0.00905EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/05/23 2:22 a.m.9 views

CVE-2023-34961

Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting XSS vulnerability via the /feedback/comment field...

6.1CVSS6.1AI score0.00398EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:25 p.m.8 views

CVE-2022-40407

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file...

8.8CVSS8.6AI score0.0123EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2024/10/27 8:18 p.m.91 views

Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo_Lms

Chamilo LMS CVE-2023-4220 Exploit Overview This script ex...

8.1CVSS8AI score0.76084EPSS
Exploits27
ATTACKERKB
ATTACKERKB
added 2023/07/07 5:15 p.m.4 views

CVE-2023-37064

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section...

4.8CVSS5.7AI score0.00384EPSS
Exploits0References3
Rows per page
Query Builder