Shodan
Vulnerabilities
Vulnerable Software
Chamilo:  >> Chamilo Lms  >> 1.11.18  Security Vulnerabilities
CVE-2023-4221
Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
CVSS Score
7.2
EPSS Score
0.019
Published
2023-11-28
CVE-2023-39582
SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions.
CVSS Score
4.9
EPSS Score
0.001
Published
2023-09-01
CVE-2023-34944
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVSS Score
9.8
EPSS Score
0.007
Published
2023-06-13
CVE-2023-34959
An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-06-08
CVE-2023-34961
Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.
CVSS Score
6.1
EPSS Score
0.005
Published
2023-06-08
CVE-2023-34962
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes.
CVSS Score
8.1
EPSS Score
0.003
Published
2023-06-08
CVE-2023-34958
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-06-08
CVE-2023-31805
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function.
CVSS Score
4.8
EPSS Score
0.005
Published
2023-05-09
CVE-2023-31806
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function.
CVSS Score
5.4
EPSS Score
0.006
Published
2023-05-09
CVE-2023-31807
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function.
CVSS Score
5.4
EPSS Score
0.006
Published
2023-05-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved