Chamilo

Chamilo Lms

124 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-52470

Exploit
  • EPSS 0.04%
  • Veröffentlicht 02.03.2026 15:48:36
  • Zuletzt bearbeitet 03.03.2026 18:23:03

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. The vulnerability is caused by improper sanitization of the Category Name field, allow...

7.1

CVE-2025-52469

Exploit
  • EPSS 0.04%
  • Veröffentlicht 02.03.2026 15:48:24
  • Zuletzt bearbeitet 03.03.2026 18:23:26

Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX ...

6.1

CVE-2025-52468

Exploit
  • EPSS 0.04%
  • Veröffentlicht 02.03.2026 15:47:46
  • Zuletzt bearbeitet 03.03.2026 18:23:43

Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "Fir...

4.9

CVE-2025-50198

Exploit
  • EPSS 0.08%
  • Veröffentlicht 02.03.2026 15:46:46
  • Zuletzt bearbeitet 03.03.2026 19:42:36

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. This issue ha...

7.2

CVE-2025-50197

Exploit
  • EPSS 0.63%
  • Veröffentlicht 02.03.2026 15:18:06
  • Zuletzt bearbeitet 03.03.2026 18:44:38

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This issue has been patched in version 1.11.30.

7.2

CVE-2025-50196

Exploit
  • EPSS 0.5%
  • Veröffentlicht 02.03.2026 15:17:53
  • Zuletzt bearbeitet 03.03.2026 18:44:16

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This issue has been patched in version 1.11.30.

7.2

CVE-2025-50195

Exploit
  • EPSS 0.63%
  • Veröffentlicht 02.03.2026 15:16:59
  • Zuletzt bearbeitet 03.03.2026 18:43:56

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30.

7.2

CVE-2025-50194

Exploit
  • EPSS 0.63%
  • Veröffentlicht 02.03.2026 15:16:22
  • Zuletzt bearbeitet 03.03.2026 18:43:29

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. This issue has been patched in version 1.11.30.

7.2

CVE-2025-50193

Exploit
  • EPSS 0.63%
  • Veröffentlicht 02.03.2026 15:16:02
  • Zuletzt bearbeitet 03.03.2026 18:43:16

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This issue has been patched in version 1.11.30.

9.8

CVE-2025-50192

Exploit
  • EPSS 0.04%
  • Veröffentlicht 02.03.2026 14:54:06
  • Zuletzt bearbeitet 03.03.2026 19:13:20

Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection in found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30.