Chamilo LMS server-side request forgery vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association that supports the creation of instructional content, remote training, and online question answering. The system supports the creation of instructional content, remote training and online question...

CVE-2022-27422

A reflected cross-site scripting XSS vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL...

Sql injection

Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blogid parameter at /blog/blog.php...

CVE-2022-27426

A Server-Side Request Forgery SSRF in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file...

CVE-2022-27425

CVE-2022-27425 affects Chamilo LMS v1.11.13. The vulnerability is a cross-site scripting (XSS) flaw in the /blog/blog.php component. Public records (NVD, Red Hat, CNVD, OSV, CVE list) consistently describe the issue as XSS, with no details on exploit code or in‑the‑wild activity in the provided d...

CVE-2022-27425

Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting XSS vulnerability via the component /blog/blog.php...