1454 matches found
Cross site request forgery (csrf)
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user...
Chamilo LMS Cross-Site Request Forgery Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. A cross-site request forgery vulnerability exists in Chamilo LMS version...
Chamilo LMS Security Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. An authorization issue vulnerability exists in Chamilo LMS version 1.11.10,...
CVE-2020-23128
CVE-2020-23128 affects Chamilo LMS 1.11.10. The issue is improper privilege management: a user with Sessions administrator privileges can create a new user and then use the Edit User function to grant that user administrator privileges. The connected sources consistently describe this as a privil...
CVE-2020-23128
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege...
CVE-2020-23127
CVE-2020-23127 affects Chamilo LMS 1.11.10 with a Cross-Site Request Forgery (CSRF) via the edit_user function targeting an administrator. Connected sources indicate the root cause is insufficient validation of trusted requests in the web application. Reported impact is enabling unauthorized acti...
CVE-2020-23127
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user...
CVE-2021-31933
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames e.g., .phar or .pht. A remote authenticated administrator is able to upload a file containin...
CVE-2021-31933
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames e.g., .phar or .pht. A remote authenticated administrator is able to upload a file containin...
Remote code execution
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames e.g., .phar or .pht. A remote authenticated administrator is able to upload a file containin...
CVE-2021-31933
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames e.g., .phar or .pht. A remote authenticated administrator is able to upload a file containin...
CVE-2021-31933
Chamilo LMS up to version 1.11.14 is affected by CVE-2021-31933 due to improper input sanitization for a file-upload parameter and inadequate file-extension filtering (e.g., .phar/.pht). This allows a remote authenticated administrator to upload a file containing PHP code via main/inc/lib/fileUpl...
Chamilo Input Validation Error Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo version 1.11.14 and prior versions...
Chamilo Cross-Site Scripting Vulnerability
Chamilo is a learning management system focused on ease of use and accessibility. A cross-site scripting vulnerability exists in Chamilo 1.11.14. An attacker can exploit this vulnerability via main/calendar/agenda_list.php?type= URI to conduct cross-site scripting attacks...
CVE-2021-26746
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI...
CVE-2021-26746
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI...
Design/Logic Flaw
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI...
CVE-2021-26746
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI...
CVE-2021-26746
CVE-2021-26746 affects Chamilo 1.11.14, with a stored/reflected cross-site scripting vector accessible via main/calendar/agenda_list.php?type= URI. The vulnerability is documented across multiple feeds (NVD, CNVD, OSV, CVE list) as Chamilo XSS, with no explicit exploitation details, patches, or m...
Chamilo LMS Cross-Site Scripting Vulnerability
Chamilo is a learning management system focused on ease of use and accessibility. A cross-site scripting vulnerability exists in Chamilo 1.11.14. An attacker can exploit this vulnerability via main/calendar/agenda_list.php?type= URI to conduct cross-site scripting attacks...