CVE-2022-27425

Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting XSS vulnerability via the component /blog/blog.php...

EUVD-2021-23959

Malware in sbrugna...

CVE-2024-51142

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file...

CVE-2021-35413

A remote code execution RCE vulnerability in courseintropdfimport.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file...

CVE-2024-30616

Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profiles information, posing a significant risk to data integrity...

PT-2023-28293 · Unknown · Chamilo Lms

Name of the Vulnerable Software and Affected Versions: Chamilo LMS versions prior to 1.11.24 Description: The issue concerns improper neutralisation of special characters, allowing command injection in the main/lp/openoffice presentation.class.php file. This enables users who are permitted to...

Cross site scripting

chamilo-lms v1.11.14 is affected by a Cross Site Scripting XSS vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie...