Lucene search
K

57 matches found

CVE
CVE
added 2020/01/10 4:58 p.m.105 views

CVE-2012-4030

CVE-2012-4030 affects Chamilo before 1.8.8.6, where the index.php input handling is insecure, allowing remote attackers to delete arbitrary files. The issue is described in the NVD entry as a vulnerability in Chamilo that could enable unauthorized file deletion via crafted input. Public reference...

7.5CVSS7.5AI score0.01338EPSS
Web
CVE
CVE
added 2021/08/10 7:2 p.m.69 views

CVE-2021-37390

CVE-2021-37390 affects Chamilo LMS 1.11.14, where a reflected XSS vulnerability exists in the social search feature (main/social/search.php?q). The issue stems from input handling in the social/search path, enabling injection that could affect users who load the vulnerable page. Public references...

6.1CVSS6.2AI score0.0081EPSS
Web
CVE
CVE
added 2026/04/10 6:52 p.m.26 views

CVE-2026-33707

Chamilo LMS (affected: prior to 1.11.38 and 2.0.0-RC.3) uses a weak password reset token by generating tokens as sha1(email) with no randomness, no expiration, and no rate limiting. An attacker who knows a user’s email can compute the reset token and change the password without authentication. Th...

9.8CVSS5.8AI score0.00426EPSS
CVE
CVE
added 2026/03/06 3:32 a.m.23 views

CVE-2025-59543

CVE-2025-59543 describes a stored XSS in Chamilo LMS prior to version 1.11.34. An attacker with a low-privilege account (e.g., trainer) can inject malicious JavaScript into the course description, which executes in other users’ browsers (including admins) and can exfiltrate session cookies/tokens...

9CVSS6AI score0.00253EPSS
CVE
CVE
added 2026/04/10 5:37 p.m.23 views

CVE-2026-31941

Chamilo LMS prior to versions 1.11.38 and 2.0.0-RC.3 is affected by a Server-Side Request Forgery (SSRF) in the Social Wall feature. The read_url_with_open_graph endpoint accepts a user-supplied URL via the social_wall_new_msg_main POST parameter and performs two server-side HTTP requests without...

7.7CVSS5.9AI score0.00231EPSS
CVE
CVE
added 2026/01/18 12:2 a.m.22 views

CVE-2026-1106

Chamilo LMS up to 2.0.0 Beta 1 is affected by a vulnerability in the Legal Consent Handler, specifically the deleteLegal function in src/CoreBundle/Controller/SocialController.php. According to the documents, manipulating the userId argument yields improper authorization, and the issue can be exp...

5.5CVSS6.3AI score0.00393EPSS
CVE
CVE
added 2026/03/02 3:46 p.m.21 views

CVE-2025-50198

CVE-2025-50198 affects Chamilo before version 1.11.30. The vulnerability is a deserialization of untrusted data in /plugin/vchamilo/views/import.php triggered via POST parameters (configuration_file, course_path, home_path). The issue is addressed in Chamilo 1.11.30. According to the provided met...

8.8CVSS5.9AI score0.00344EPSS
Web
CVE
CVE
added 2026/04/10 5:51 p.m.21 views

CVE-2026-32932

Chamilo LMS (affected versions: < 1.11.38 and

6.1CVSS5.9AI score0.00178EPSS
CVE
CVE
added 2026/03/06 3:30 a.m.19 views

CVE-2025-59542

Chamilo LMS prior to version 1.11.34 is affected by a stored XSS vulnerability in the course learning path Settings field. A low-privileged user (e.g., trainer) can inject JavaScript that executes in other users’ contexts (including admins), enabling exfiltration of session cookies or tokens and ...

9CVSS6AI score0.00299EPSS
CVE
CVE
added 2026/03/16 7:16 p.m.19 views

CVE-2026-30875

Chamilo LMS (prior to v1.11.36) exposes an authenticated RCE via H5P Import. An attacker with Teacher role can upload a crafted H5P package that bypasses validation (H5P package validation only checks for h5p.json and does not block .htaccess or PHP files with alternate extensions), enabling exec...

8.8CVSS6.1AI score0.00515EPSS
CVE
CVE
added 2026/03/02 2:37 p.m.18 views

CVE-2025-50187

CVE-2025-50187 affects Chamilo LMS. Prior to version 1.11.28, input from a SOAP request is evaluated without proper filtering, allowing Remote Code Execution via untrusted user input in the affected parameter. The vulnerability is rated with a high/critical impact (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/...

9.8CVSS5.9AI score0.00879EPSS
CVE
CVE
added 2026/03/02 3:48 p.m.18 views

CVE-2025-52470

CVE-2025-52470 affects Chamilo LMS prior to version 1.11.30. It is a stored XSS vulnerability in session_category_add.php where improper sanitization of the Category Name allows privileged users to inject persistent JavaScript payloads. The injected script can execute when administrators access a...

4.8CVSS5.7AI score0.00214EPSS
CVE
CVE
added 2026/04/10 5:56 p.m.18 views

CVE-2026-32892

CVE-2026-32892 affects Chamilo LMS before 1.11.38 and 2.0.0-RC.3. The vulnerability is an OS command injection in the move() function of fileManage.lib.php, where user-controlled path values are concatenated into shell commands (e.g., exec("mv $source $target")) without escaping. The move_to POST...

9.1CVSS6.1AI score0.01527EPSS
CVE
CVE
added 2026/04/10 5:44 p.m.18 views

CVE-2026-32894

CVE-2026-32894 affects Chamilo LMS. Affected: gradebook result view in Chamilo before 1.11.38 and 2.0.0-RC.3. Issue: Insecure Direct Object Reference (IDOR) allows any authenticated teacher to delete any student’s grade result across the platform by manipulating delete_mark or resultdelete GET pa...

7.1CVSS5.8AI score0.0028EPSS
CVE
CVE
added 2026/03/02 3:16 p.m.17 views

CVE-2025-50193

CVE-2025-50193 affects Chamilo LMS prior to version 1.11.30. The vulnerability is an OS command injection in the file /plugin/vchamilo/views/import.php triggered by the POST parameter to_main_database , potentially enabling a remote attacker to execute arbitrary commands (and, per PT-2025-37308, ...

7.2CVSS5.9AI score0.02603EPSS
Web
CVE
CVE
added 2026/03/02 3:47 p.m.17 views

CVE-2025-52468

Chamilo LMS contains a stored XSS vulnerability (CVE-2025-52468) in CSV user imports prior to v1.11.30, due to insufficient sanitization in Last Name, First Name, and Username fields. The stored payload is triggered when a user profile is viewed in the context of the authenticated user. Patch rel...

8.8CVSS5.9AI score0.00351EPSS
CVE
CVE
added 2026/03/05 8:58 p.m.17 views

CVE-2025-55208

Summary: CVE-2025-55208 affects Chamilo LMS prior to 1.11.34. A Stored XSS via insecure file uploads in the Social Networks feature allows a low-privilege user to execute arbitrary code in the admin inbox, enabling admin account takeover. The issue is fixed in version 1.11.34. The provided metric...

9CVSS6.3AI score0.00307EPSS
CVE
CVE
added 2026/03/16 7:19 p.m.17 views

CVE-2026-30881

Chamilo LMS (versions

8.8CVSS6AI score0.00276EPSS
CVE
CVE
added 2026/04/10 5:48 p.m.17 views

CVE-2026-32930

Chamilo LMS -- IDOR in the gradebook evaluation edit page affects prior to 1.11.38 and 2.0.0-RC.3. Authenticated teachers could view and modify evaluation settings (name, max score, weight) for other courses by manipulating the editeval GET parameter. The issue is fixed in 1.11.38 and 2.0.0-RC.3....

7.1CVSS5.8AI score0.00193EPSS
CVE
CVE
added 2026/04/10 6:14 p.m.17 views

CVE-2026-33698

Chamilo LMS prior to 1.11.38 is vulnerable to a chained attack that can enable otherwise-blocked PHP code from the main/install/ directory, allowing an unauthenticated attacker to modify existing files or create new files where permitted by system permissions. The issue affects portals where main...

9.8CVSS5.8AI score0.00321EPSS
CVE
CVE
added 2026/03/02 2:49 p.m.16 views

CVE-2025-50189

Chamilo LMS prior to 1.11.30 is vulnerable to an error-based SQL injection arising from insufficient validation of user-supplied data in POST resource[document][SQL_INJECTION_HERE] and in POST login parameters at /main/coursecopy/copy_course_session_selected.php. The vulnerability can allow an at...

8.8CVSS5.9AI score0.00733EPSS
Web
CVE
CVE
added 2026/03/02 3:18 p.m.16 views

CVE-2025-50197

Chamilo LMS prior to 1.11.30 has an OS Command Injection in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. Exploitation could allow arbitrary command execution on the server. It is fixed in version 1.11.30 . CVSS v4 base score 7.1 (HIGH); attack vector: NETWORK, privil...

7.2CVSS5.9AI score0.02657EPSS
Web
CVE
CVE
added 2026/03/06 3:29 a.m.16 views

CVE-2025-59541

CVE-2025-59541 (Chamilo LMS) : Prior to 1.11.34, a CSRF vulnerability allows an authenticated trainer to delete projects within a course by visiting a malicious page, due to missing anti-CSRF protections and reliance on GET requests. The issue enables unauthorized project deletion with high impac...

8.1CVSS5.8AI score0.00151EPSS
CVE
CVE
added 2026/03/16 7:13 p.m.16 views

CVE-2026-28430

Chamilo LMS is affected by an unauthenticated SQL injection in the chamiko-lms model.ajax.php component prior to version 1.11.34, exploitable via the custom_dates parameter. Successful exploitation can lead to full administrative account takeover and access to the entire database (including PII a...

9.8CVSS6.1AI score0.00329EPSS
CVE
CVE
added 2026/03/02 2:36 p.m.15 views

CVE-2025-50186

Chamilo LMS prior to version 1.11.30 is affected by a stored XSS vulnerability in CSV filenames. The issue arises from insufficient sanitization of uploaded CSV names, allowing an attacker to upload a file such as .csv that can execute JavaScript when viewed by administrators or users with access...

4.8CVSS5.9AI score0.00295EPSS
CVE
CVE
added 2026/03/02 2:54 p.m.15 views

CVE-2025-50192

CVE-2025-50192 affects Chamilo LMS prior to version 1.11.30. A time-based SQL injection exists in the SOAP web service endpoint at /main/webservices/registration.soap.php , arising from insufficient validation of XML object sequences. The vulnerability is fixed in Chamilo 1.11.30 . Multiple conne...

9.8CVSS5.8AI score0.00587EPSS
CVE
CVE
added 2026/03/02 3:50 p.m.15 views

CVE-2025-50199

Chamilo LMS is affected by a blind SSRF in /index.php via POST parameter openid_url, prior to version 1.11.30. The issue is patched in 1.11.30. Attack vector is network-based with low complexity; CVSSv3.1 base: 9.1 (Impact: Confidentiality High, Availability High). The vulnerability Details in co...

9.1CVSS5.9AI score0.00364EPSS
CVE
CVE
added 2026/03/02 3:50 p.m.15 views

CVE-2025-52563

Chamilo (LMS) is affected by a reflected XSS vulnerability in the session/add_users_to_session.php endpoint caused by insufficient sanitization of the page parameter. The issue exists before version 1.11.30 and is patched in v1.11.30. Evidence across sources (CVE-2025-52563) confirms the vulnerab...

6.1CVSS5.7AI score0.00155EPSS
Web
CVE
CVE
added 2026/03/02 3:54 p.m.15 views

CVE-2025-52564

Chamilo LMS before 1.11.30 is affected by an HTML injection vulnerability in the open parameter of help.php, allowing a crafted URL to inject arbitrary HTML. The underlying issue is insufficient sanitization of user input. The flaw has been fixed in version 1.11.30. Affected product: Chamilo LMS;...

6.9CVSS5.9AI score0.00192EPSS
CVE
CVE
added 2026/03/06 3:32 a.m.15 views

CVE-2025-59544

Chamilo LMS prior to v1.11.34 contained an authorization bypass in the category_id parameter that allowed updating any user’s category without checks. The issue affects the user category update functionality and was fixed in v1.11.34. CVSS 4.0 base score 6.9 (MEDIUM) with NETWORK attack vector an...

6.9CVSS5.8AI score0.00167EPSS
CVE
CVE
added 2026/04/10 5:50 p.m.15 views

CVE-2026-32931

CVE-2026-32931: Chamilo LMS has an unrestricted file upload vulnerability in the exercise sound upload function. Before versions 1.11.38 and 2.0.0-RC.3, an authenticated teacher could spoof Content-Type to audio/mpeg, upload a PHP webshell with its original .php extension into a web-accessible di...

8.8CVSS5.9AI score0.00495EPSS
CVE
CVE
added 2026/04/10 6:15 p.m.15 views

CVE-2026-33702

Chamilo LMS before 1.11.38 and 2.0.0-RC.3 contains an IDOR in lp_ajax_save_item.php where a uid is read from $_REQUEST and used to load/modify another user’s Learning Path progress (score, status, completion, time) without verifying the requester’s identity. Any authenticated course-enrolled user...

7.1CVSS5.8AI score0.00238EPSS
CVE
CVE
added 2026/04/10 6:59 p.m.15 views

CVE-2026-33710

Chamilo LMS (prior to 1.11.38 and 2.0.0-RC.3) uses REST API keys generated by md5(time() + (user_id * 5) - rand(10000, 10000)). Since rand(10000,10000) always returns 10000, the key becomes md5(timestamp + user_id*5 - 10000), enabling brute-forcing by an attacker who knows a username and approxim...

7.5CVSS5.8AI score0.00288EPSS
CVE
CVE
added 2026/03/02 2:26 p.m.14 views

CVE-2024-50337

CVE-2024-50337 affects Chamilo LMS prior to version 1.11.28, where the OpenId function allows unauthenticated requests to arbitrary URLs on the server, resulting in unauthenticated blind SSRF. Multiple sources (NVD, Red Hat advisory, CVE records) confirm the issue and its patch in 1.11.28. Affect...

5.3CVSS5.8AI score0.00323EPSS
CVE
CVE
added 2026/03/02 3:16 p.m.14 views

CVE-2025-50195

CVE-2025-50195 affects the Chamilo learning management system. A vulnerability in the file /plugin/vchamilo/views/manage.controller.php allows an OS Command Injection on Chamilo installations running versions prior to 1.11.30 . The issue has been addressed in Chamilo release 1.11.30 (patch/commit...

7.2CVSS5.9AI score0.02657EPSS
CVE
CVE
added 2026/03/02 3:48 p.m.14 views

CVE-2025-52469

Chamilo LMS prior to version 1.11.30 contains a logic vulnerability in the social network/ friend-request workflow that allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint, bypassing normal send/accept flows and even adding non-existent users. T...

7.1CVSS5.9AI score0.00289EPSS
CVE
CVE
added 2026/03/06 3:27 a.m.14 views

CVE-2025-59540

CVE-2025-59540 affects Chamilo LMS prior to version 1.11.34. A stored cross-site scripting (XSS) vulnerability exists in the feedback input on the exercise history page, where unencoded input can be stored in the database and later rendered, enabling arbitrary JavaScript execution in the browser ...

6.4CVSS6.1AI score0.00177EPSS
CVE
CVE
added 2026/04/10 7:5 p.m.14 views

CVE-2026-33737

Chamilo LMS contains an XML External Entity (XXE) vulnerability in multiple files using simplexml_load_string() without XXE protection. With LIBXML_NOENT enabled, an attacker could read arbitrary server files. The issue affects versions prior to 1.11.38 and 2.0.0-RC.3, and is fixed in 1.11.38 and...

6.5CVSS5.9AI score0.0022EPSS
CVE
CVE
added 2026/03/02 2:53 p.m.13 views

CVE-2025-50191

Chamilo LMS is affected by an error-based SQL injection in the /main/exercise/hotpotatoes.php script via POST to userFile, exploitable on versions prior to 1.11.30. The vulnerability allows an attacker to impact confidentiality and availability (HIGH severity per CVSS 4.0 metrics), with attack ve...

7.2CVSS5.9AI score0.00537EPSS
Web
CVE
CVE
added 2026/03/02 3:16 p.m.13 views

CVE-2025-50194

CVE-2025-50194 affects Chamilo LMS prior to 1.11.30, with an OS Command Injection vulnerability in the /main/cron/lang/check_parse_lang.php module. The underlying issue allows an attacker to influence command execution within the affected environment, enabling potential remote impact as described...

7.2CVSS5.9AI score0.02603EPSS
CVE
CVE
added 2026/03/02 3:17 p.m.13 views

CVE-2025-50196

Chamilo LMS prior to 1.11.30 is affected by an issue in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. The vulnerability allowed exploitation that could lead to arbitrary SQL queries being executed. It is patched in version 1.11.30; update to 1.11.30 or later to rem...

7.2CVSS5.9AI score0.02746EPSS
Web
CVE
CVE
added 2026/03/06 3:32 a.m.13 views

CVE-2026-29041

Chamilo LMS is affected prior to version 1.11.34 by an authenticated remote code execution flaw due to inadequate validation of uploaded files. The system relies on MIME-type checks and does not properly validate file extensions or enforce safe storage, allowing an authenticated low-privileged us...

8.8CVSS6.6AI score0.00729EPSS
CVE
CVE
added 2026/04/10 6:30 p.m.13 views

CVE-2026-33704

CVE-2026-33704 affects Chamilo LMS prior to version 1.11.38. An authenticated user (including students) can use the BigUpload endpoint to write arbitrary content to server files: the key parameter selects the filename and the raw POST body becomes the file contents. Although .php extensions are f...

8.8CVSS6AI score0.0042EPSS
CVE
CVE
added 2026/03/02 2:47 p.m.12 views

CVE-2025-50188

CVE-2025-50188 affects Chamilo LMS prior to version 1.11.30. The vulnerability arises from insufficient validation of user-supplied data in GET parameters for the scripts /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php , enabling an attacker to alter database query log...

7.2CVSS6AI score0.00708EPSS
Web
CVE
CVE
added 2026/03/16 7:21 p.m.12 views

CVE-2026-30882

Chamilo LMS (versions ...). The issue is triggered when pagination controls render (more than 20 session categories). A fix is available in version 1.11.36, which patches this vulnerability. If you cannot upgrade, apply an input sanitization/encoding workaround for the affected parameter and revi...

6.1CVSS5.8AI score0.00194EPSS
CVE
CVE
added 2026/04/10 5:35 p.m.12 views

CVE-2026-31940

CVE-2026-31940 affects Chamilo LMS prior to versions 1.11.38 and 2.0.0-RC.3. In the affected code path main/lp/aicc_hacp.php, user-controlled request parameters are directly used to set the PHP session ID before the global bootstrap loads, enabling session fixation. The vulnerability arises from ...

8.8CVSS5.8AI score0.0024EPSS
Web
CVE
CVE
added 2026/04/10 6:51 p.m.12 views

CVE-2026-33706

Chamilo LMS prior to 1.11.38 contains a privilege escalation via the REST API. An authenticated user with a REST API key can modify their own status through the update_user_from_username endpoint, allowing a student (status=5) to elevate to Teacher/CourseManager (status=1) and obtain course creat...

7.1CVSS5.8AI score0.00168EPSS
CVE
CVE
added 2026/03/02 2:53 p.m.11 views

CVE-2025-50190

CVE-2025-50190 affects Chamilo LMS (pre-1.11.30) via an error-based SQL injection in the index.php script, triggered by the GET parameter openid.assoc_handle. Public sources confirm vulnerable versions prior to 1.11.30 and indicate a patch in 1.11.30. Connected reports (CNVD/CIRCL/NVD/OSV, etc.) ...

9.8CVSS5.9AI score0.00587EPSS
CVE
CVE
added 2026/03/02 3:49 p.m.11 views

CVE-2025-52476

CVE-2025-52476 affects Chamilo LMS prior to version 1.11.30. The vulnerability is a reflected cross-site scripting (XSS) flaw caused by improper sanitization of the keyword_active parameter in admin/user_list.php. The issue is mitigated by upgrading to version 1.11.30, which patches the vulnerabi...

6.1CVSS5.7AI score0.00187EPSS
Web
CVE
CVE
added 2026/03/02 3:54 p.m.11 views

CVE-2025-52998

Summary: CVE-2025-52998 affects Chamilo LMS components prior to version 1.11.30, where PHAR deserialization could be manipulated by crafting objects to spoof data and modify application logic. What’s affected: Chamilo, prior to 1.11.30. The root cause is flaws in the deserialization mechanism (PH...

9.8CVSS5.9AI score0.00367EPSS
Total number of security vulnerabilities57