13 matches found
CVE-2025-50187
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28...
CVE-2024-50337
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28...
CVE-2025-50187
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28...
CVE-2024-50337
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28...
CVE-2025-50187 Chamilo: Evaluation of untrusted user input leads to Remote Code Execution
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28...
CVE-2025-50187 Chamilo: Evaluation of untrusted user input leads to Remote Code Execution
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28...
CVE-2025-50187
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28...
CVE-2025-50187
CVE-2025-50187 affects Chamilo LMS. Prior to version 1.11.28, input from a SOAP request is evaluated without proper filtering, allowing Remote Code Execution via untrusted user input in the affected parameter. The vulnerability is rated with a high/critical impact (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/...
CVE-2024-50337 Chamilo: Potential unauthenticated blind SSRF via openid function
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28...
CVE-2024-50337
Chamilo LMS is affected (Chamilo LMS 1.11.x up to 1.11.26) by an unauthenticated, remote code execution flaw arising from unsafely evaluated SOAP request parameters. The issue is described in PT-2024-45 as exploitable via a parameter in a SOAP request that is not properly filtered, enabling arbit...
EUVD-2024-55456
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28...
PT-2026-22589
Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.28 Description Chamilo is a learning management system. A flaw exists where a parameter from a SOAP request is evaluated without proper filtering, potentially leading to Remote Code Execution. The issue was...
Chamilo LMS security vulnerability
Chamilo LMS is an open source online learning and collaboration system from Chamilo Open Source. The system supports the creation of instructional content, remote training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.28, which stems from th...