Chamilo: Security Vulnerabilities
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2021-05-06

Chamilo LMS 1.11.10 does not properly manage privileges, which could allow a user with the Sessions administrator privilege to create a new user and then use the edit-user function to grant that new user administrator privileges.
CVSS Score: 4.9
EPSS Score: 0.002
Published: 2021-05-06

A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.
CVSS Score: 7.2
EPSS Score: 0.148
Published: 2021-04-30

Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.
CVSS Score: 6.1
EPSS Score: 0.005
Published: 2021-02-19

Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action.
CVSS Score: 6.1
EPSS Score: 0.005
Published: 2020-02-08

Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2020-01-30

Chamilo 1.9.4 has multiple XSS and HTML injection vulnerabilities in blog.php and announcements.php.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2020-01-30

Chamilo before 1.8.8.6 does not adequately handle user-supplied input in the index.php script, which could allow remote attackers to delete arbitrary files.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2020-01-10

Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2020-01-04

Chamilo LMS 1.11.8 and 2.x allows remote code execution through the lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content and, once the archive has been extracted, does not check the files recursively. This means that by placing a .php file in a folder and then that folder in a ZIP archive, the server accepts the file without any checks. Because the file is accessible from the website, this is remote code execution. This is related to a SCORM imsmanifest.xml file, the import_package function, and extraction in $courseSysDir.$newDir.
CVSS Score: 9.8
EPSS Score: 0.035
Published: 2019-06-30

Shodan ® - All rights reserved