Shodan
Vulnerabilities
Vulnerable Software
Chamilo:  >> Chamilo  >> 1.11.14  Security Vulnerabilities
CVE-2023-37062
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
CVE-2023-37063
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
CVE-2022-27425
Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-04-15
CVE-2021-40662
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL.
CVSS Score
8.8
EPSS Score
0.008
Published
2022-03-21
CVE-2021-38745
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.
CVSS Score
6.8
EPSS Score
0.015
Published
2022-03-21
CVE-2021-43687
chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.
CVSS Score
6.1
EPSS Score
0.01
Published
2021-12-01
CVE-2021-37389
Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-08-10
CVE-2021-34187
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.
CVSS Score
9.8
EPSS Score
0.851
Published
2021-06-28
CVE-2021-32925
admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.
CVSS Score
6.5
EPSS Score
0.005
Published
2021-05-13
CVE-2021-31933
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.
CVSS Score
7.2
EPSS Score
0.123
Published
2021-04-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved