Chamilo

Chamilo LMS

124 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
Exploit
  • EPSS 0.04%
  • Published 02.03.2026 14:53:36
  • Last modified 03.03.2026 19:13:46

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30.

Exploit
  • EPSS 0.04%
  • Published 02.03.2026 14:53:15
  • Last modified 03.03.2026 19:14:03

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30.

Exploit
  • EPSS 0.07%
  • Published 02.03.2026 14:49:09
  • Last modified 03.03.2026 19:13:01

Chamilo is a learning management system. Prior to version 1.11.30, the application insufficiently validates user-supplied data from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/coursecopy/...

Exploit
  • EPSS 0.08%
  • Published 02.03.2026 14:47:03
  • Last modified 03.03.2026 19:12:46

Chamilo is a learning management system. Prior to version 1.11.30, the application insufficiently validates user-supplied data from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugi...

Exploit
  • EPSS 0.06%
  • Published 02.03.2026 14:39:50
  • Last modified 03.03.2026 19:13:35

Chamilo is a learning management system. Prior to version 1.11.30, a stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject malicious JavaScript code against the administrator. This issue has bee...

Exploit
  • EPSS 0.44%
  • Published 02.03.2026 14:37:20
  • Last modified 03.03.2026 19:12:14

Chamilo is a learning management system. Prior to version 1.11.28, a parameter from a SOAP request is evaluated without filtering, which leads to remote code execution. This issue has been patched in version 1.11.28.

Exploit
  • EPSS 0.04%
  • Published 02.03.2026 14:36:27
  • Last modified 03.03.2026 19:12:02

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file (e.g., <img src=q onerr...

Exploit
  • EPSS 0.07%
  • Published 02.03.2026 14:26:45
  • Last modified 03.03.2026 19:11:40

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on the server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28.

Exploit
  • EPSS 0.96%
  • Published 02.03.2026 14:23:50
  • Last modified 03.03.2026 19:11:21

Chamilo is a learning management system. Chamilo is affected by a post-authentication phar unserialize issue that leads to remote code execution (RCE) in versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization pl...

Exploit
  • EPSS 0.07%
  • Published 20.02.2026 22:54:44
  • Last modified 15.04.2026 00:35:42

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, r...