Shodan
Vulnerabilities
Vulnerable Software
Chamilo:  >> Chamilo Lms  >> 1.9.10  Security Vulnerabilities
CVE-2023-4226
Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVSS Score
8.8
EPSS Score
0.197
Published
2023-11-28
CVE-2023-4224
Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVSS Score
8.8
EPSS Score
0.026
Published
2023-11-28
CVE-2023-4225
Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVSS Score
8.8
EPSS Score
0.026
Published
2023-11-28
CVE-2023-4222
Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
CVSS Score
7.2
EPSS Score
0.015
Published
2023-11-28
CVE-2023-4223
Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVSS Score
8.8
EPSS Score
0.026
Published
2023-11-28
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
CVSS Score
8.1
EPSS Score
0.93
Published
2023-11-28
CVE-2023-4221
Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
CVSS Score
7.2
EPSS Score
0.015
Published
2023-11-28
CVE-2022-27421
Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.
CVSS Score
7.2
EPSS Score
0.006
Published
2022-04-15
CVE-2021-37390
A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).
CVSS Score
6.1
EPSS Score
0.003
Published
2021-08-10
CVE-2015-9540
Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-01-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved