Chamilo Lms Security Vulnerabilities and Issues — Chamilo Lms CVE List

Lucene search

ChamiloChamilo Lms

5 matches found

CVE•added 2023/06/13 9:15 p.m.•154 views

CVE-2023-34944

An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.

9.8CVSS9.6AI score0.00489EPSS

CVE•added 2022/04/15 8:15 p.m.•73 views

CVE-2022-27423

Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.

9.8CVSS9.8AI score0.00714EPSS

CVE•added 2019/06/30 4:15 p.m.•64 views

CVE-2019-13082

Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder an...

9.8CVSS9.9AI score0.03509EPSS

CVE•added 2018/07/23 3:29 p.m.•46 views

CVE-2018-1999019

Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the api endpoint. This vu...

9.8CVSS9.7AI score0.01773EPSS

CVE•added 2021/12/03 10:15 p.m.•38 views

CVE-2021-35414

Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.

9.8CVSS9.8AI score0.02202EPSS