SQL Injection vulnerability in Chamilo LMS v.1.11 through v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions.
Max CVSS
4.9
EPSS Score
0.06%
Published
2023-09-01
Updated
2023-09-06
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the classes/usergroups management section.
Max CVSS
4.8
EPSS Score
0.05%
Published
2023-07-07
Updated
2023-07-13
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the skills wheel.
Max CVSS
4.8
EPSS Score
0.05%
Published
2023-07-07
Updated
2023-07-13
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the session category management section.
Max CVSS
4.8
EPSS Score
0.05%
Published
2023-07-07
Updated
2023-07-13
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the extra fields management section.
Max CVSS
4.8
EPSS Score
0.05%
Published
2023-07-07
Updated
2023-07-13
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the careers & promotions management section.
Max CVSS
4.8
EPSS Score
0.05%
Published
2023-07-07
Updated
2023-07-12
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the course categories' definition.
Max CVSS
4.8
EPSS Score
0.05%
Published
2023-07-07
Updated
2023-07-12
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section.
Max CVSS
4.8
EPSS Score
0.05%
Published
2023-07-07
Updated
2023-07-12
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes.
Max CVSS
8.1
EPSS Score
0.06%
Published
2023-06-08
Updated
2023-06-15
Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-06-08
Updated
2023-06-15

CVE-2023-34960

Public exploit
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
Max CVSS
9.8
EPSS Score
93.54%
Published
2023-08-01
Updated
2023-08-24
An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
Max CVSS
5.3
EPSS Score
0.05%
Published
2023-06-08
Updated
2023-06-15
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.
Max CVSS
4.3
EPSS Score
0.05%
Published
2023-06-08
Updated
2023-06-15
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-06-13
Updated
2023-06-20
Cross Site Scripting vulnerability found in Chamilo LMS v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-05-09
Updated
2023-05-12
Cross Site Scripting vulnerability found in Chamilo LMS v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-05-09
Updated
2023-05-12
Cross Site Scripting vulnerability found in Chamilo LMS v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function.
Max CVSS
4.8
EPSS Score
0.04%
Published
2023-05-09
Updated
2023-05-12
Cross Site Scripting vulnerability found in Chamilo LMS v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-05-09
Updated
2023-05-12
Cross Site Scripting vulnerability found in Chamilo LMS v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters.
Max CVSS
4.8
EPSS Score
0.04%
Published
2023-05-09
Updated
2023-05-12
Cross Site Scripting vulnerability found in Chamilo LMS v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-05-09
Updated
2023-05-12
Cross Site Scripting vulnerability found in Chamilo LMS v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-05-09
Updated
2023-05-12
Cross Site Scripting vulnerability found in Chamilo LMS v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-05-09
Updated
2023-05-12
Cross Site Scripting vulnerability found in Chamilo LMS v.1.11.18 allows a local attacker to execute arbitrary code via the system announcements parameter.
Max CVSS
4.8
EPSS Score
0.04%
Published
2023-05-09
Updated
2023-05-12
Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Max CVSS
8.8
EPSS Score
0.29%
Published
2023-11-28
Updated
2023-11-30
Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Max CVSS
8.8
EPSS Score
0.29%
Published
2023-11-28
Updated
2023-11-30
69 vulnerabilities found