Chamilo >> Chamilo Lms >> 1.11.6 Security Vulnerabilities
SQL injection vulnerability in Chamilo LMS v.1.11 through v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions.
CVSS Score: 4.9 | EPSS Score: 0.001 | Published: 2023-09-01
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2023-06-13
An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2023-06-08
Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2023-06-08
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes.
CVSS Score: 8.1 | EPSS Score: 0.003 | Published: 2023-06-08
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2023-06-08
Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.
CVSS Score: 7.2 | EPSS Score: 0.006 | Published: 2022-04-15
A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2022-04-15
Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2022-04-15
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2022-04-15

