
1454 matches found

Prion
added 2021/05/06 1:15 p.m., 22 views

Cross site request forgery (csrf)

Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery CSRF via the edituser function by targeting an admin user...

6.8 CVSS, 8.8 AI score, 0.00784 EPSS
Exploits 1, References 2, Affected Software 1

CNNVD
added 2021/05/06 12:0 a.m., 5 views

Chamilo LMS cross-site request forgery vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. A cross-site request forgery vulnerability exists in Chamilo LMS version...

8.8 CVSS, 5.4 AI score, 0.00784 EPSS
Exploits 1, References 3

CNNVD
added 2021/05/06 12:0 a.m., 4 views

Chamilo LMS security vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. An authorization issue vulnerability exists in Chamilo LMS version 1.11.10,...

4.9 CVSS, 5.7 AI score, 0.00898 EPSS
Exploits 1, References 3

CVE
added 2021/05/05 9:55 p.m., 38 views

CVE-2020-23128

CVE-2020-23128 affects Chamilo LMS 1.11.10. The issue is improper privilege management: a user with Sessions administrator privileges can create a new user and then use the Edit User function to grant that user administrator privileges. The connected sources consistently describe this as a privil...

4.9 CVSS, 5.1 AI score, 0.00898 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2021/05/05 9:55 p.m., 13 views

CVE-2020-23128

Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege...

5.2 AI score, 0.00898 EPSS
Exploits 1, References 2

CVE
added 2021/05/05 9:50 p.m., 43 views

CVE-2020-23127

CVE-2020-23127 affects Chamilo LMS 1.11.10 with a Cross-Site Request Forgery (CSRF) via the edit_user function targeting an administrator. Connected sources indicate the root cause is insufficient validation of trusted requests in the web application. Reported impact is enabling unauthorized acti...

8.8 CVSS, 8.8 AI score, 0.00784 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2021/05/05 9:50 p.m., 17 views

CVE-2020-23127

Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery CSRF via the edituser function by targeting an admin user...

8.9 AI score, 0.00784 EPSS
Exploits 1, References 2

NVD
added 2021/04/30 9:15 p.m., 16 views

CVE-2021-31933

A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames e.g., .phar or .pht. A remote authenticated administrator is able to upload a file containin...

7.2 CVSS, 0.13933 EPSS
Exploits 4, References 4

OSV
added 2021/04/30 9:15 p.m., 19 views

CVE-2021-31933

A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames e.g., .phar or .pht. A remote authenticated administrator is able to upload a file containin...

7.2 CVSS, 7.9 AI score
Exploits 0, References 4

Prion
added 2021/04/30 9:15 p.m., 19 views

Remote code execution

A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames e.g., .phar or .pht. A remote authenticated administrator is able to upload a file containin...

6.5 CVSS, 7.4 AI score, 0.13933 EPSS
Exploits 4, References 4, Affected Software 1

Cvelist
added 2021/04/30 8:49 p.m., 18 views

CVE-2021-31933

A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames e.g., .phar or .pht. A remote authenticated administrator is able to upload a file containin...

7.2 CVSS, 7.7 AI score, 0.13933 EPSS
Exploits 4, References 4

CVE
added 2021/04/30 8:49 p.m., 177 views

CVE-2021-31933

Chamilo LMS up to version 1.11.14 is affected by CVE-2021-31933 due to improper input sanitization for a file-upload parameter and inadequate file-extension filtering (e.g., .phar/.pht). This allows a remote authenticated administrator to upload a file containing PHP code via main/inc/lib/fileUpl...

7.2 CVSS, 7.4 AI score, 0.13933 EPSS
Exploits 4, References 4, Affected Software 1

CNNVD
added 2021/04/30 12:0 a.m., 3 views

Chamilo input validation error vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo version 1.11.14 and prior versions...

7.2 CVSS, 7 AI score, 0.13933 EPSS
Exploits 4, References 6

CNVD
added 2021/02/20 12:0 a.m., 5 views

Chamilo Cross-Site Scripting Vulnerability

Chamilo is a learning management system focused on ease of use and accessibility. A cross-site scripting vulnerability exists in Chamilo 1.11.14. An attacker can exploit this vulnerability via main/calendar/agendalist.php?type= URI to conduct cross-site scripting attacks...

6.1 CVSS, 6.1 AI score, 0.01039 EPSS
Exploits 0, References 1

NVD
added 2021/02/19 5:15 a.m., 9 views

CVE-2021-26746

Chamilo 1.11.14 allows XSS via a main/calendar/agendalist.php?type= URI...

6.1 CVSS, 0.01039 EPSS
Exploits 0, References 3

OSV
added 2021/02/19 5:15 a.m., 14 views

CVE-2021-26746

Chamilo 1.11.14 allows XSS via a main/calendar/agendalist.php?type= URI...

6.1 CVSS, 5.7 AI score
Exploits 0, References 3

Prion
added 2021/02/19 5:15 a.m., 12 views

Design/Logic Flaw

Chamilo 1.11.14 allows XSS via a main/calendar/agendalist.php?type= URI...

4.3 CVSS, 5.9 AI score, 0.01039 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2021/02/19 4:38 a.m., 13 views

CVE-2021-26746

Chamilo 1.11.14 allows XSS via a main/calendar/agendalist.php?type= URI...

6.1 AI score, 0.01039 EPSS
Exploits 0, References 3

CVE
added 2021/02/19 4:38 a.m., 216 views

CVE-2021-26746

CVE-2021-26746 affects Chamilo 1.11.14, with a stored/reflected cross-site scripting vector accessible via main/calendar/agenda_list.php?type= URI. The vulnerability is documented across multiple feeds (NVD, CNVD, OSV, CVE list) as Chamilo XSS, with no explicit exploitation details, patches, or m...

6.1 CVSS, 5.9 AI score, 0.01039 EPSS
Exploits 0, References 3, Affected Software 1

CNNVD
added 2021/02/19 12:0 a.m., 5 views

Chamilo LMS cross-site scripting vulnerability

Chamilo is a learning management system focused on ease of use and accessibility. A cross-site scripting vulnerability exists in Chamilo 1.11.14. An attacker can exploit this vulnerability via main/calendar/agendalist.php?type= URI to conduct cross-site scripting attacks...

6.1 CVSS, 6.2 AI score, 0.01039 EPSS
Exploits 0, References 4