2 matches found
PT-2026-25797
Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the custom dates parameter. By chaining this with a predictable legacy password reset mechanism, an...
CVE-2025-59542
Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting XSS vulnerability. By injecting malicious JavaScript into the course learning path Settings field, an attacker with a low-privileged account e.g., trainer can execute arbitrary JavaScript cod...