Chamilo Lms Security Vulnerabilities and Issues — Chamilo Lms CVE List

Lucene search

ChamiloChamilo Lms

4 matches found

CVE•added 2020/01/10 5:15 p.m.•94 views

CVE-2012-4030

Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files.

7.5CVSS7.5AI score0.00532EPSS

Web

CVE•added 2022/04/15 8:15 p.m.•71 views

CVE-2022-27421

Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.

7.2CVSS7.2AI score0.00615EPSS

CVE•added 2024/11/04 7:15 p.m.•45 views

CVE-2024-30619

Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via "/main/inc/ajax/message.ajax.php?a=get_count_message" AND "/main/inc/ajax/online.ajax.php?a=get_users_online."

7.5CVSS6.9AI score0.00175EPSS

Web

CVE•added 2024/11/01 3:15 p.m.•37 views

CVE-2024-27524

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component.

7.1CVSS6.7AI score0.00476EPSS