Filtered by vendor Chamilo
Subscribe
Total
77 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30617 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | N/A | 5.4 MEDIUM |
| A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge. | |||||
| CVE-2024-30618 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | N/A | 6.1 MEDIUM |
| A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'. | |||||
| CVE-2024-30619 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | N/A | 7.5 HIGH |
| Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via "/main/inc/ajax/message.ajax.php?a=get_count_message" AND "/main/inc/ajax/online.ajax.php?a=get_users_online." | |||||
| CVE-2024-30616 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | N/A | 8.8 HIGH |
| Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profiles information, posing a significant risk to data integrity. | |||||
| CVE-2024-27525 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | N/A | 4.6 MEDIUM |
| Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. | |||||
| CVE-2024-51142 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file. | |||||
| CVE-2024-27524 | 1 Chamilo | 1 Chamilo Lms | 2025-04-17 | N/A | 7.1 HIGH |
| Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component. | |||||
| CVE-2013-6787 | 1 Chamilo | 1 Chamilo Lms | 2025-04-11 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter. | |||||
| CVE-2023-31799 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter. | |||||
| CVE-2023-31803 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters. | |||||
| CVE-2023-31802 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters. | |||||
| CVE-2023-31801 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter. | |||||
| CVE-2023-31800 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter. | |||||
| CVE-2023-31807 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function. | |||||
| CVE-2023-31806 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. | |||||
| CVE-2023-31805 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function. | |||||
| CVE-2023-31804 | 1 Chamilo | 1 Chamilo Lms | 2025-01-28 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters. | |||||
| CVE-2023-34961 | 1 Chamilo | 1 Chamilo Lms | 2025-01-06 | N/A | 6.1 MEDIUM |
| Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field. | |||||
| CVE-2023-34959 | 1 Chamilo | 1 Chamilo Lms | 2025-01-06 | N/A | 5.3 MEDIUM |
| An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools. | |||||
| CVE-2023-34958 | 1 Chamilo | 1 Chamilo Lms | 2025-01-06 | N/A | 4.3 MEDIUM |
| Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID. | |||||