Filtered by vendor Chamilo
Subscribe
Total
148 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-29041 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 8.8 HIGH |
| Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not adequately validate file extensions or enforce safe server-side storage restrictions. As a result, an authenticated low-privileged user can upload a crafted file containing executable code and subsequently execute arbitrary commands on the server. This issue has been patched in version 1.11.34. | |||||
| CVE-2026-1106 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | 5.5 MEDIUM | 5.4 MEDIUM |
| A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-69581 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 5.5 MEDIUM |
| An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to view confidential information. This leads to profiling, impersonation, targeted attacks, and significant privacy risks. | |||||
| CVE-2025-59544 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 4.3 MEDIUM |
| Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which allows users to update the category of any user by replacing the "category_id" parameter. This issue has been patched in version 1.11.34. | |||||
| CVE-2025-59543 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 9.0 CRITICAL |
| Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScript into the course description field, an attacker with a low-privileged account (e.g., trainer) can execute arbitrary JavaScript code in the context of any other user viewing the course information page, including administrators. This allows an attacker to exfiltrate sensitive session cookies or tokens, resulting in account takeover (ATO) of higher-privileged users. This issue has been patched in version 1.11.34. | |||||
| CVE-2025-59542 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 9.0 CRITICAL |
| Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScript into the course learning path Settings field, an attacker with a low-privileged account (e.g., trainer) can execute arbitrary JavaScript code in the context of any other user viewing the course information page, including administrators. This allows an attacker to exfiltrate sensitive session cookies or tokens, resulting in account takeover (ATO) of higher-privileged users. This issue has been patched in version 1.11.34. | |||||
| CVE-2025-59541 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 8.1 HIGH |
| Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent. The issue arises because sensitive actions such as project deletion do not implement anti-CSRF protections (tokens) and GET based requests. As a result, an authenticated user (Trainer) can be tricked into executing this unwanted action by simply visiting a malicious page. This issue has been patched in version 1.11.34. | |||||
| CVE-2025-59540 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 5.4 MEDIUM |
| Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of higher-privileged admin users. The issue arises because feedback input in the exercise history page is not properly encoded before rendering, allowing malicious scripts to persist in the database and execute on view. This issue has been patched in version 1.11.34. | |||||
| CVE-2025-55289 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 8.8 HIGH |
| Chamilo is a learning management system. Prior to version 1.11.34, there is a stored XSS vulnerability in Chamilo LMS (Verison 1.11.32) allows an attacker to inject arbitrary JavaScript into the platform’s social network and internal messaging features. When viewed by an authenticated user (including administrators), the payload executes in their browser within the LMS context. This enables full account takeover via session hijacking, unauthorized actions with the victim’s privileges, exfiltration of sensitive data, and potential self-propagation to other users. This issue has been patched in version 1.11.34. | |||||
| CVE-2025-55208 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 9.0 CRITICAL |
| Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in `Social Networks`. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin account. Version 1.11.34 fixes the issue. | |||||
| CVE-2025-52998 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 9.8 CRITICAL |
| Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's operation. This issue has been patched in version 1.11.30. | |||||
| CVE-2025-52564 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 6.1 MEDIUM |
| Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30. | |||||
| CVE-2025-52563 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 6.1 MEDIUM |
| Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the session/add_users_to_session.php endpoint. This issue has been patched in version 1.11.30. | |||||
| CVE-2025-52482 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 8.3 HIGH |
| Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30. | |||||
| CVE-2025-52476 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 6.1 MEDIUM |
| Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. This issue has been patched in version 1.11.30. | |||||
| CVE-2025-52475 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 6.1 MEDIUM |
| Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This issue has been patched in version 1.11.30. | |||||
| CVE-2025-52470 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 4.8 MEDIUM |
| Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScript payloads. The injected script is later executed when accessing add_many_sessions_to_category.php, potentially compromising administrative sessions. This issue has been patched in version 1.11.30. | |||||
| CVE-2025-52469 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 7.1 HIGH |
| Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint. The attacker can bypass the normal flow of sending and accepting friend requests, and even add non-existent users. This breaks access control and social interaction logic, with potential privacy implications. This issue has been patched in version 1.11.30. | |||||
| CVE-2025-52468 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 8.8 HIGH |
| Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and "Username" fields. It allows attackers to inject a stored cross-site scripting (XSS) payload that is triggered when the user profile is viewed, potentially leading to malicious script execution in the context of the authenticated use. This issue has been patched in version 1.11.30. | |||||
| CVE-2025-50199 | 1 Chamilo | 1 Chamilo Lms | 2026-06-17 | N/A | 9.1 CRITICAL |
| Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30. | |||||