CVE-2026-32892

CVE-2026-32892 affects Chamilo LMS before 1.11.38 and 2.0.0-RC.3. The vulnerability is an OS command injection in the move() function of fileManage.lib.php, where user-controlled path values are concatenated into shell commands (e.g., exec("mv $source $target")) without escaping. The move_to POST...

60CycleCMS SQL注入漏洞

60CycleCMS is an open-source content management system developed by 60CycleCMS. Version 2.5.2 of 60CycleCMS has a SQL injection vulnerability. This vulnerability stems from SQL injections in the news.php and common/lib.php files, which could allow attackers to manipulate database queries with...

Chamilo LMS Security Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS v1.11.20 and earlier versions,...

Moodle 'user/lib.php' Cross-Site Scripting Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A cross-site scripting vulnerability exists in Moodle that stems from the program's...

CVE-2006-7120

CVE-2006-7120 is a PHP remote file inclusion in lib/php/phphtmllib-2.5.4; specifically, the vulnerability affects maintain 3.0.0-RC2 via example6.php where a URL supplied to the phphtmllib parameter can lead to code execution. The PT-2007-1398 analysis confirms the affected components: lib/php/ph...