Chamilo Lms Security Vulnerabilities and Issues — Chamilo Lms CVE List

Lucene search

ChamiloChamilo Lms

4 matches found

CVE•added 2018/07/23 3:29 p.m.•46 views

CVE-2018-1999019

Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the api endpoint. This vu...

9.8CVSS9.7AI score0.01773EPSS

CVE•added 2018/12/21 6:29 a.m.•39 views

CVE-2018-20329

Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.

8.1CVSS8.2AI score0.00222EPSS

CVE•added 2018/12/21 6:29 a.m.•37 views

CVE-2018-20327

Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of th...

5.4CVSS5.1AI score0.00191EPSS

CVE•added 2018/12/21 6:29 a.m.•32 views

CVE-2018-20328

Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits.

5.4CVSS5.1AI score0.00247EPSS