CVE-2018-20328
- EPSS 0.19%
- Veröffentlicht 21.12.2018 06:29:00
- Zuletzt bearbeitet 21.11.2024 04:01:14
Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due...
CVE-2018-20329
- EPSS 0.22%
- Veröffentlicht 21.12.2018 06:29:00
- Zuletzt bearbeitet 21.11.2024 04:01:14
Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.
CVE-2018-1999019
- EPSS 1.68%
- Veröffentlicht 23.07.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:03
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via ...
- EPSS 0.59%
- Veröffentlicht 05.12.2013 18:55:12
- Zuletzt bearbeitet 11.04.2025 00:51:21
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL com...