
1454 matches found

CVE
added 2021/06/28 3:35 p.m. · 62 views

CVE-2021-34187

CVE-2021-34187 affects Chamilo LMS, specifically the file main/inc/ajax/model.ajax.php. The vulnerability allows SQL Injection via the parameters searchField, filters, or filters2 in Chamilo versions up to 1.11.14. Exploitation could enable unauthenticated attackers to manipulate queries and ...

9.8 CVSS · 9.9 AI score · 0.15576 EPSS
In wild · Exploits 1 · References 4 · Affected Software 1
CNNVD
added 2021/06/28 12:0 a.m. · 3 views

Chamilo LMS SQL Injection Vulnerability

Chamilo is a learning management system focused on ease of use and accessibility. A SQL injection vulnerability exists in main/inc/ajax/model.ajax.php in Chamilo 1.11.14 and earlier versions. The vulnerability can be exploited by an attacker to conduct a SQL injection attack via the searchField,...

9.8 CVSS · 5.9 AI score · 0.15576 EPSS
Exploits 1 · References 5
Positive Technologies
added 2021/06/28 12:0 a.m. · 5 views

PT-2021-3474 · Chamilo · Chamilo

Name of the Vulnerable Software and Affected Versions: Chamilo versions prior to 1.11.14 Description: The issue is related to a lack of protection in the SQL query structure, which can be exploited to impact the confidentiality, integrity, and availability of protected information. The searchFiel...

9.8 CVSS · 9.5 AI score · 0.15576 EPSS
Exploits 1 · References 8
CNVD
added 2021/05/14 12:0 a.m. · 4 views

Chamilo XML External Entity Injection Vulnerability

Chamilo is a learning management system focused on ease of use and accessibility. Chamilo version 1.11.14 suffers from an XML external entity injection vulnerability. The vulnerability stems from reading XML data without disabling the ability to load external entities in admin/userimport.php, whi...

6.5 CVSS · 7 AI score · 0.01922 EPSS
Exploits 1 · References 1
Packet Storm
added 2021/05/14 12:0 a.m. · 188 views

Chamilo LMS 1.11.14 Remote Code Execution

Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution Authenticated Date: 13/05/2021 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms Version: 1.11.14 Tested on: Ubuntu 20.04.2 LTS CVE: CVE-2021-31933 Writeup:...

6.5 CVSS · 0.1 AI score · 0.13933 EPSS
Exploits 4
0day.today
added 2021/05/14 12:0 a.m. · 121 views

Chamilo LMS 1.11.14 - Remote Code Execution Exploit

Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution Authenticated Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms Version: 1.11.14 Tested on: Ubuntu 20.04.2 LTS CVE: CVE-2021-31933 Writeup:...

7.2 CVSS · 7 AI score · 0.13933 EPSS
Exploits 4
Exploit DB
added 2021/05/14 12:0 a.m. · 185 views

Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)

Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution Authenticated Date: 13/05/2021 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms Version: 1.11.14 Tested on: Ubuntu 20.04.2 LTS CVE: CVE-2021-31933 Writeup:...

7.2 CVSS · 7.2 AI score · 0.13933 EPSS
Exploits 4
NVD
added 2021/05/13 6:15 p.m. · 9 views

CVE-2021-32925

admin/userimport.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities...

6.5 CVSS · 0.01922 EPSS
Exploits 1 · References 4
OSV
added 2021/05/13 6:15 p.m. · 22 views

CVE-2021-32925

admin/userimport.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities...

6.5 CVSS · 7 AI score · 0.01922 EPSS
Exploits 1 · References 4
Prion
added 2021/05/13 6:15 p.m. · 16 views

Xxe

admin/userimport.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities...

5.5 CVSS · 6.4 AI score · 0.01922 EPSS
Exploits 1 · References 4 · Affected Software 1
CVE
added 2021/05/13 5:50 p.m. · 54 views

CVE-2021-32925

CVE-2021-32925 affects Chamilo LMS, specifically Chamilo 1.11.x, where admin/user_import.php reads XML data without disabling external entities, enabling an XML External Entity (XXE) issue. Public sources in the connected data confirm the vulnerability class and affected module/file, with NVD rep...

6.5 CVSS · 6.6 AI score · 0.01922 EPSS
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2021/05/13 5:50 p.m. · 13 views

CVE-2021-32925

admin/userimport.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities...

7.3 AI score · 0.01922 EPSS
Exploits 1 · References 4
CNNVD
added 2021/05/13 12:0 a.m. · 5 views

Chamilo Information Disclosure Vulnerability

Chamilo is a learning management system focused on ease of use and accessibility. Chamilo version 1.11.14 suffers from an XML external entity injection vulnerability. The vulnerability stems from reading XML data without disabling the ability to load external entities in admin/userimport.php, whi...

6.5 CVSS · 5.8 AI score · 0.01922 EPSS
Exploits 1 · References 4
CNVD
added 2021/05/07 12:0 a.m. · 4 views

Chamilo LMS Authorization Issues Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. An authorization issue vulnerability exists in Chamilo LMS version 1.11.10,...

4.9 CVSS · 6.7 AI score · 0.00898 EPSS
Exploits 1 · References 1
CNVD
added 2021/05/07 12:0 a.m. · 6 views

Chamilo LMS Cross-Site Request Forgery Vulnerability (CNVD-2021-33522)

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. A cross-site request forgery vulnerability exists in Chamilo LMS version...

8.8 CVSS · 6.6 AI score · 0.00784 EPSS
Exploits 1 · References 1
OSV
added 2021/05/06 1:15 p.m. · 17 views

CVE-2020-23128

Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege...

4.9 CVSS · 6.8 AI score
Exploits 0 · References 2
OSV
added 2021/05/06 1:15 p.m. · 14 views

CVE-2020-23127

Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery CSRF via the edituser function by targeting an admin user...

8.8 CVSS · 7.1 AI score
Exploits 0 · References 2
NVD
added 2021/05/06 1:15 p.m. · 12 views

CVE-2020-23128

Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege...

4.9 CVSS · 0.00898 EPSS
Exploits 1 · References 2
NVD
added 2021/05/06 1:15 p.m. · 10 views

CVE-2020-23127

Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery CSRF via the edituser function by targeting an admin user...

8.8 CVSS · 0.00784 EPSS
Exploits 1 · References 2
Prion
added 2021/05/06 1:15 p.m. · 15 views

Privilege escalation

Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege...

4 CVSS · 5.1 AI score · 0.00898 EPSS
Exploits 1 · References 2 · Affected Software 1