Filtered by vendor Chamilo
Filtered by product Chamilo Lms
Total: 50 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-1999019 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 9.8 Critical |
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the API endpoint located at /webservices/api/v2.php that can result in unauthenticated remote code execution. This attack appears to be exploitable via a simple GET request to the API endpoint. This vulnerability appears to have been fixed after commit 0de84700648f098c1fbf6b807dee28ec640efe62. | ||||
CVE-2015-9540 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 6.1 Medium |
Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503. | ||||
CVE-2013-6787 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | N/A |
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter. | ||||
CVE-2012-4030 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 7.5 High |
Chamilo before 1.8.8.6 does not adequately handle user-supplied input by the index.php script, which could allow remote attackers to delete arbitrary files. | ||||
CVE-2024-30617 | 1 Chamilo | 1 Chamilo Lms | 2024-11-05 | 5.4 Medium |
A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php" allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge. | ||||
CVE-2024-30616 | 1 Chamilo | 1 Chamilo Lms | 2024-11-05 | 8.8 High |
Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profile information, posing a significant risk to data integrity. | ||||
CVE-2024-30619 | 1 Chamilo | 1 Chamilo Lms | 2024-11-05 | 7.5 High |
Chamilo LMS version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via "/main/inc/ajax/message.ajax.php?a=get_count_message" and "/main/inc/ajax/online.ajax.php?a=get_users_online". | ||||
CVE-2024-30618 | 1 Chamilo | 1 Chamilo Lms | 2024-11-05 | 6.1 Medium |
A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'. | ||||
CVE-2024-27525 | 1 Chamilo | 1 Chamilo Lms | 2024-11-04 | 4.6 Medium |
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. | ||||
CVE-2024-27524 | 1 Chamilo | 1 Chamilo Lms | 2024-11-04 | 7.1 High |
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component. |