CVE-2025-52482
- EPSS 0.04%
- Published 02.03.2026 14:39:50
- Last modified 03.03.2026 19:13:35
Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject malicious JavaScript code against the administrator. This issue has bee...
CVE-2025-50187
- EPSS 0.29%
- Published 02.03.2026 14:37:20
- Last modified 03.03.2026 19:12:14
Chamilo is a learning management system. Prior to version 1.11.28, a parameter from a SOAP request is evaluated without filtering, which leads to Remote Code Execution. This issue has been patched in version 1.11.28.
CVE-2025-50186
- EPSS 0.03%
- Published 02.03.2026 14:36:27
- Last modified 03.03.2026 19:12:02
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file (e.g., <img src=q onerr...
CVE-2024-50337
- EPSS 0.03%
- Published 02.03.2026 14:26:45
- Last modified 03.03.2026 19:11:40
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on the server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28.
CVE-2024-47886
- EPSS 1.07%
- Published 02.03.2026 14:23:50
- Last modified 03.03.2026 19:11:21
Chamilo is a learning management system. Chamilo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization pl...
CVE-2018-25158
- EPSS 0.06%
- Published 20.02.2026 22:54:44
- Last modified 23.02.2026 18:14:13
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, r...
CVE-2026-1106
- EPSS 0.02%
- Published 18.01.2026 00:02:09
- Last modified 27.02.2026 03:50:02
A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the arg...
CVE-2025-69581
- EPSS 0.01%
- Published 16.01.2026 00:00:00
- Last modified 05.02.2026 21:46:04
An issue was discovered in Chamilo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, al...
CVE-2025-26153
- EPSS 0.14%
- Published 16.04.2025 00:00:00
- Last modified 18.04.2025 12:15:15
A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message.
CVE-2024-51142
- EPSS 0.37%
- Published 15.11.2024 19:15:07
- Last modified 18.04.2025 02:29:49
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file.