Chamilo

Chamilo LMS

124 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 0.02%
  • Published 18.01.2026 00:02:09
  • Last modified 27.02.2026 03:50:02

A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the arg...

Exploit
  • EPSS 0.01%
  • Published 16.01.2026 00:00:00
  • Last modified 05.02.2026 21:46:04

An issue was discovered in Chamilo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, al...

  • EPSS 0.14%
  • Published 16.04.2025 00:00:00
  • Last modified 15.04.2026 00:35:42

A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message.

Exploit
  • EPSS 0.51%
  • Published 15.11.2024 19:15:07
  • Last modified 18.04.2025 02:29:49

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file.

Exploit
  • EPSS 0.15%
  • Published 04.11.2024 19:15:06
  • Last modified 18.04.2025 13:39:57

Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profile information, posing a significant risk to data integrity.

Exploit
  • EPSS 0.12%
  • Published 04.11.2024 19:15:06
  • Last modified 18.04.2025 13:55:07

A Cross-Site Request Forgery (CSRF) vulnerability in "/main/social/home.php" of Chamilo LMS 1.11.26 allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge.

Exploit
  • EPSS 0.11%
  • Published 04.11.2024 19:15:06
  • Last modified 18.04.2025 13:54:12

A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'.

  • EPSS 0.21%
  • Published 04.11.2024 19:15:06
  • Last modified 18.04.2025 13:52:46

Chamilo LMS version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via "/main/inc/ajax/message.ajax.php?a=get_count_message" and "/main/inc/ajax/online...

Exploit
  • EPSS 0.71%
  • Published 01.11.2024 15:15:18
  • Last modified 18.04.2025 13:21:04

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component.

Exploit
  • EPSS 1.12%
  • Published 01.11.2024 15:15:17
  • Last modified 17.04.2025 19:06:26

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component.