PT-2026-32915

Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs...

CVE-2021-38745

Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page...

CVE-2013-0739

Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script...

CVE-2023-34961

Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting XSS vulnerability via the /feedback/comment field...

Chamilo LMS 跨站脚本漏洞

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question answering. Chamilo LMS v1.11.13 has a cross-site scripting vulnerability, and no detailed...

PT-2021-3474 · Chamilo · Chamilo

Name of the Vulnerable Software and Affected Versions: Chamilo versions prior to 1.11.14 Description: The issue is related to a lack of protection in the SQL query structure, which can be exploited to impact the confidentiality, integrity, and availability of protected information. The searchFiel...