Chamilo: Security Vulnerabilities
admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2021-05-13
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2021-05-06
Chamilo LMS 1.11.10 does not properly manage privileges, which could allow a user with Sessions administrator privilege to create a new user and then use the edit user function to change this new user to administrator privilege.
CVSS Score: 4.9 | EPSS Score: 0.002 | Published: 2021-05-06
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.
CVSS Score: 7.2 | EPSS Score: 0.145 | Published: 2021-04-30
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2021-02-19
Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2020-02-08
Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2020-01-30
Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2020-01-30
Chamilo before 1.8.8.6 does not adequately handle user-supplied input in the index.php script, which could allow remote attackers to delete arbitrary files.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2020-01-10
Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2020-01-04

