Chamilo Lms Security Vulnerabilities and Issues — Chamilo Lms CVE List

Lucene search

ChamiloChamilo Lms

4 matches found

CVE•added 2022/04/15 8:15 p.m.•76 views

CVE-2022-27426

A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.

8.8CVSS8.8AI score0.00395EPSS

CVE•added 2022/04/15 8:15 p.m.•73 views

CVE-2022-27423

Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.

9.8CVSS9.8AI score0.00714EPSS

CVE•added 2022/04/15 8:15 p.m.•71 views

CVE-2022-27421

Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.

7.2CVSS7.2AI score0.00615EPSS

CVE•added 2022/04/15 8:15 p.m.•54 views

CVE-2022-27422

A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL.

6.1CVSS6AI score0.00526EPSS