Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Chamilo Subscribe
Filtered by product Chamilo Lms
Total 51 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-30617 1 Chamilo 1 Chamilo Lms 2025-04-18 N/A 5.4 MEDIUM
A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge.
CVE-2024-30618 1 Chamilo 1 Chamilo Lms 2025-04-18 N/A 6.1 MEDIUM
A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'.
CVE-2024-30619 1 Chamilo 1 Chamilo Lms 2025-04-18 N/A 7.5 HIGH
Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via "/main/inc/ajax/message.ajax.php?a=get_count_message" AND "/main/inc/ajax/online.ajax.php?a=get_users_online."
CVE-2024-30616 1 Chamilo 1 Chamilo Lms 2025-04-18 N/A 8.8 HIGH
Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profiles information, posing a significant risk to data integrity.
CVE-2024-27525 1 Chamilo 1 Chamilo Lms 2025-04-18 N/A 4.6 MEDIUM
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component.
CVE-2024-51142 1 Chamilo 1 Chamilo Lms 2025-04-18 N/A 5.4 MEDIUM
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file.
CVE-2024-27524 1 Chamilo 1 Chamilo Lms 2025-04-17 N/A 7.1 HIGH
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component.
CVE-2013-6787 1 Chamilo 1 Chamilo Lms 2025-04-11 6.0 MEDIUM N/A
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
CVE-2023-31799 1 Chamilo 1 Chamilo Lms 2025-01-29 N/A 4.8 MEDIUM
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter.
CVE-2023-31803 1 Chamilo 1 Chamilo Lms 2025-01-29 N/A 4.8 MEDIUM
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters.
CVE-2023-31802 1 Chamilo 1 Chamilo Lms 2025-01-29 N/A 5.4 MEDIUM
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.
CVE-2023-31801 1 Chamilo 1 Chamilo Lms 2025-01-29 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.
CVE-2023-31800 1 Chamilo 1 Chamilo Lms 2025-01-29 N/A 5.4 MEDIUM
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.
CVE-2023-31807 1 Chamilo 1 Chamilo Lms 2025-01-29 N/A 5.4 MEDIUM
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function.
CVE-2023-31806 1 Chamilo 1 Chamilo Lms 2025-01-29 N/A 5.4 MEDIUM
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function.
CVE-2023-31805 1 Chamilo 1 Chamilo Lms 2025-01-29 N/A 4.8 MEDIUM
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function.
CVE-2023-31804 1 Chamilo 1 Chamilo Lms 2025-01-28 N/A 5.4 MEDIUM
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters.
CVE-2023-34961 1 Chamilo 1 Chamilo Lms 2025-01-06 N/A 6.1 MEDIUM
Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.
CVE-2023-34959 1 Chamilo 1 Chamilo Lms 2025-01-06 N/A 5.3 MEDIUM
An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
CVE-2023-34958 1 Chamilo 1 Chamilo Lms 2025-01-06 N/A 4.3 MEDIUM
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.