Chamilo Lms@1.11.16 Security Vulnerabilities and Issues — Chamilo Lms@1.11.16 CVE List

Lucene search

ChamiloChamilo Lms1.11.16

6 matches found

CVE•added 2022/04/15 8:15 p.m.•77 views

CVE-2022-27426

A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.

8.8CVSS8.8AI score0.00395EPSS

CVE•added 2022/04/15 8:15 p.m.•74 views

CVE-2022-27423

Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.

9.8CVSS9.8AI score0.00714EPSS

Web

CVE•added 2022/04/15 8:15 p.m.•56 views

CVE-2022-27422

A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL.

6.1CVSS6AI score0.00526EPSS

CVE•added 2021/12/03 10:15 p.m.•54 views

CVE-2021-35413

A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.

8.8CVSS8.8AI score0.03237EPSS

CVE•added 2021/12/03 10:15 p.m.•40 views

CVE-2021-35414

Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.

9.8CVSS9.8AI score0.02202EPSS

Web

CVE•added 2021/12/03 10:15 p.m.•36 views

CVE-2021-35415

A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields.

4.8CVSS4.9AI score0.0061EPSS