1454 matches found
CVE-2021-34187
CVE-2021-34187 affects Chamilo LMS, specifically the file main/inc/ajax/model.ajax.php. The vulnerability allows SQL Injection via the parameters searchField, filters, or filters2 in Chamilo versions up to 1.11.14. Exploitation could enable unauthenticated attackers to manipulate queries and ...
Chamilo LMS SQL Injection Vulnerability
Chamilo is a learning management system focused on ease of use and accessibility. A SQL injection vulnerability exists in main/inc/ajax/model.ajax.php in Chamilo 1.11.14 and earlier versions. The vulnerability can be exploited by an attacker to conduct a SQL injection attack via the searchField,...
PT-2021-3474 · Chamilo · Chamilo
Name of the Vulnerable Software and Affected Versions: Chamilo versions prior to 1.11.14 Description: The issue is related to a lack of protection in the SQL query structure, which can be exploited to impact the confidentiality, integrity, and availability of protected information. The searchFiel...
Chamilo XML External Entity Injection Vulnerability
Chamilo is a learning management system focused on ease of use and accessibility. Chamilo version 1.11.14 suffers from an XML external entity injection vulnerability. The vulnerability stems from reading XML data without disabling the ability to load external entities in admin/userimport.php, whi...
Chamilo LMS 1.11.14 Remote Code Execution
Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution Authenticated Date: 13/05/2021 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms Version: 1.11.14 Tested on: Ubuntu 20.04.2 LTS CVE: CVE-2021-31933 Writeup:...
Chamilo LMS 1.11.14 - Remote Code Execution Exploit
Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution Authenticated Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms Version: 1.11.14 Tested on: Ubuntu 20.04.2 LTS CVE: CVE-2021-31933 Writeup:...
Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)
Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution Authenticated Date: 13/05/2021 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms Version: 1.11.14 Tested on: Ubuntu 20.04.2 LTS CVE: CVE-2021-31933 Writeup:...
CVE-2021-32925
admin/userimport.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities...
XXE
admin/userimport.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities...
CVE-2021-32925
CVE-2021-32925 affects Chamilo LMS, specifically Chamilo 1.11.x, where admin/user_import.php reads XML data without disabling external entities, enabling an XML External Entity (XXE) issue. Public sources in the connected data confirm the vulnerability class and affected module/file, with NVD rep...
Chamilo Information Disclosure Vulnerability
Chamilo is a learning management system focused on ease of use and accessibility. Chamilo version 1.11.14 suffers from an XML external entity injection vulnerability. The vulnerability stems from reading XML data without disabling the ability to load external entities in admin/userimport.php, whi...
Chamilo LMS Authorization Issues Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. An authorization issue vulnerability exists in Chamilo LMS version 1.11.10,...
Chamilo LMS Cross-Site Request Forgery Vulnerability (CNVD-2021-33522)
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. A cross-site request forgery vulnerability exists in Chamilo LMS version...
CVE-2020-23128
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege...
CVE-2020-23127
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery CSRF via the edituser function by targeting an admin user...
Privilege escalation
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege...