Chamilo: >> Chamilo >> 1.11.8 Security Vulnerabilities
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-04-15
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.
CVSS Score
9.8
EPSS Score
0.851
Published
2021-06-28
admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.
CVSS Score
6.5
EPSS Score
0.005
Published
2021-05-13
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.
CVSS Score
7.2
EPSS Score
0.123
Published
2021-04-30
Page 2