15 matches found
CVE-2025-59542 Chamilo: Account Takeover via Stored XSS in Course Learning Paths
Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting XSS vulnerability. By injecting malicious JavaScript into the course learning path Settings field, an attacker with a low-privileged account e.g., trainer can execute arbitrary JavaScript cod...
CVE-2023-4222
Command injection in main/lp/openofficetextdocument.class.php in Chamilo LMS = v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...
EUVD-2023-54094
Malicious code in bioql PyPI...
EUVD-2023-54095
Malicious code in bioql PyPI...
DRUPAL-CONTRIB-2024-027
The Opigno group manager project is related to Opigno LMS distribution. It allows to build the contents of learning paths, by combining together modules, courses, and other activities, ordering them, and defining conditional rules for the transitions from one step to the next one. An administrati...
Opigno group manager - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-027
The Opigno group manager project is related to Opigno LMS distribution. It allows to build the contents of learning paths, by combining together modules, courses, and other activities, ordering them, and defining conditional rules for the transitions from one step to the next one. An administrati...
Chamilo LMS 1.11.x < 1.11.24 Multiple Vulnerabilities
Chamilo LMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:chamilo:chamilolms"; if...
CVE-2023-4222
Command injection in main/lp/openofficetextdocument.class.php in Chamilo LMS = v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...
CVE-2023-4221
Command injection in main/lp/openofficepresentation.class.php in Chamilo LMS = v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...
Command injection
Command injection in main/lp/openofficetextdocument.class.php in Chamilo LMS = v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...
Command injection
Command injection in main/lp/openofficepresentation.class.php in Chamilo LMS = v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...
CVE-2023-4221 Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability
Command injection in main/lp/openofficepresentation.class.php in Chamilo LMS = v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...
DRUPAL-CONTRIB-2022-029
This module is used as part of the Opigno LMS distribution and implements learning paths for the LMS. The module was providing too much user information about users such as the list of groups a uid is in...
Opigno Learning path - Moderately critical - Access bypass - SA-CONTRIB-2022-029
This module is used as part of the Opigno LMS distribution and implements learning paths for the LMS. The module was providing too much user information about users such as the list of groups a uid is in...
Free Training: New Certified Learning Paths
The Qualys Training team is eager to share all of the recent additions to our free training program, as well as provide insight into what is coming in 2019. You can expect to see regular updates as we continue to improve our training offerings! It is our mission to help Qualys customers and...