15 matches found
CVE-2025-50197
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sublanguageajax.inc.php via the POST newlanguage parameter. This issue has been patched in version 1.11.30...
CVE-2025-50197 Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameter
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sublanguageajax.inc.php via the POST newlanguage parameter. This issue has been patched in version 1.11.30...
CVE-2025-50197
Chamilo LMS prior to 1.11.30 has an OS Command Injection in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. Exploitation could allow arbitrary command execution on the server. It is fixed in version 1.11.30 . CVSS v4 base score 7.1 (HIGH); attack vector: NETWORK, privil...
EUVD-2025-208166
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sublanguageajax.inc.php via the POST newlanguage parameter. This issue has been patched in version 1.11.30...
CVE-2025-50197 Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameter
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sublanguageajax.inc.php via the POST newlanguage parameter. This issue has been patched in version 1.11.30...
CVE-2025-50197 Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameter
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sublanguageajax.inc.php via the POST newlanguage parameter. This issue has been patched in version 1.11.30...
Chamilo 操作系统命令注入漏洞
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the POST parameter “newlanguage” in the file...
CVE-2025-8303
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in EKA Software Computer Information Advertising Services Ltd. Real Estate Script V5 With Doping Module – Store Module – New Language System allows Cross-Site Scripting XSS.This issue affects...
CVE-2025-8303
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in EKA Software Computer Information Advertising Services Ltd. Real Estate Script V5 With Doping Module – Store Module – New Language System allows Cross-Site Scripting XSS. This issue affects...
CVE-2025-8303 XSS in EKA Software's Real Estate Script V5 (With Doping Module – Store Module – New Language System)
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in EKA Software Computer Information Advertising Services Ltd. Real Estate Script V5 With Doping Module – Store Module – New Language System allows Cross-Site Scripting XSS. This issue affects...
CVE-2025-8303
CVE-2025-8303 describes an XSS vulnerability caused by improper neutralization of input during web page generation in EKA Software Real Estate Script V5 (with Doping Module – Store Module – New Language System). The issue affects Real Estate Script V5 up to version through 17022026. The vendor wa...
CVE-2025-8303 XSS in EKA Software's Real Estate Script V5 (With Doping Module – Store Module – New Language System)
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in EKA Software Computer Information Advertising Services Ltd. Real Estate Script V5 With Doping Module – Store Module – New Language System allows Cross-Site Scripting XSS. This issue affects...
PT-2025-37376
Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30 Description The Chamilo learning management system has an OS Command Injection issue. This occurs due to a failure to neutralize special elements used in the operating system command. Successful exploitation...
SUSE CVE-2007-1473
Cross-site scripting XSS vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the newlang parameter to login.php...
Directory traversal
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/core/languages/languageimport.php aka Import New Language or mods/standard/patcher/indexadmin.php aka Patcher component...