Chamilo

Chamilo Lms

124 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-4226

Exploit
  • EPSS 23.95%
  • Veröffentlicht 28.11.2023 08:15:10
  • Zuletzt bearbeitet 21.11.2024 08:34:39

Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

8.8

CVE-2023-4224

Exploit
  • EPSS 2.56%
  • Veröffentlicht 28.11.2023 08:15:09
  • Zuletzt bearbeitet 21.11.2024 08:34:39

Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

8.8

CVE-2023-4225

Exploit
  • EPSS 2.34%
  • Veröffentlicht 28.11.2023 08:15:09
  • Zuletzt bearbeitet 21.11.2024 08:34:39

Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

8.8

CVE-2023-4222

Exploit
  • EPSS 1.86%
  • Veröffentlicht 28.11.2023 08:15:08
  • Zuletzt bearbeitet 21.11.2024 08:34:39

Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.

8.8

CVE-2023-4223

Exploit
  • EPSS 2.56%
  • Veröffentlicht 28.11.2023 08:15:08
  • Zuletzt bearbeitet 21.11.2024 08:34:39

Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

6.1

CVE-2023-4220

Exploit
  • EPSS 93.24%
  • Veröffentlicht 28.11.2023 08:15:07
  • Zuletzt bearbeitet 21.11.2024 08:34:39

Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code exec...

8.8

CVE-2023-4221

Exploit
  • EPSS 1.86%
  • Veröffentlicht 28.11.2023 08:15:07
  • Zuletzt bearbeitet 21.11.2024 08:34:39

Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.

4.9

CVE-2023-39582

  • EPSS 0.12%
  • Veröffentlicht 01.09.2023 16:15:08
  • Zuletzt bearbeitet 21.11.2024 08:15:41

SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions.

9.8

CVE-2023-34944

  • EPSS 0.7%
  • Veröffentlicht 13.06.2023 21:15:10
  • Zuletzt bearbeitet 21.11.2024 08:07:43

An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.

5.3

CVE-2023-34959

  • EPSS 0.34%
  • Veröffentlicht 08.06.2023 19:15:10
  • Zuletzt bearbeitet 06.01.2025 21:15:12

An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.