Product
chamilo lms
148 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-40291
CVE-2026-35196
CVE-2026-34602
CVE-2026-34370
CVE-2026-34161
CVE-2026-34160
CVE-2026-33715
CVE-2026-33714
CVE-2026-33737
CVE-2026-33736
CVE-2026-33710
CVE-2026-33708
CVE-2026-33707
CVE-2026-33706
CVE-2026-33705
CVE-2026-33704
CVE-2026-33703
CVE-2026-33702
CVE-2026-33698
CVE-2026-33618
CVE-2026-33141
CVE-2026-32932
CVE-2026-32931
CVE-2026-32930
CVE-2026-32894
CVE-2026-32893
CVE-2026-32892
CVE-2026-31941
CVE-2026-31940
CVE-2026-31939
CVE-2025-66447
CVE-2026-30882
CVE-2026-30881
CVE-2026-30876
CVE-2026-30875
CVE-2026-28430
CVE-2026-29041
CVE-2025-59544
CVE-2025-59543
CVE-2025-59542
CVE-2025-59541
CVE-2025-59540
CVE-2025-55289
CVE-2025-55208
CVE-2025-52998
CVE-2025-52564
CVE-2025-52563
CVE-2025-52476
CVE-2025-52475
CVE-2025-52470
CVE-2025-52469
CVE-2025-52468
CVE-2025-50199
CVE-2025-50198
CVE-2025-50197
CVE-2025-50196
CVE-2025-50195
CVE-2025-50194
CVE-2025-50193
CVE-2025-52482
CVE-2025-50192
CVE-2025-50191
CVE-2025-50190
CVE-2025-50189
CVE-2025-50188
CVE-2025-50187
CVE-2025-50186
CVE-2024-50337
CVE-2024-47886
CVE-2026-1106
CVE-2025-69581
CVE-2024-51142
CVE-2024-30619
CVE-2024-30618
CVE-2024-30617
CVE-2024-30616
CVE-2024-27525
CVE-2024-27524
CVE-2023-4226
CVE-2023-4225
CVE-2023-4224
CVE-2023-4223
CVE-2023-4222
CVE-2023-4221
CVE-2023-4220
CVE-2023-3545
CVE-2023-3533
CVE-2023-3368
CVE-2023-39582
CVE-2023-39061
CVE-2023-34960
CVE-2023-37067
CVE-2023-37066
CVE-2023-37065
CVE-2023-37064
CVE-2023-37063
CVE-2023-37062
CVE-2023-37061
CVE-2023-34944
CVE-2023-34962
CVE-2023-34961
CVE-2023-34959
CVE-2023-34958
CVE-2023-31807
CVE-2023-31806
CVE-2023-31805
CVE-2023-31804
CVE-2023-31803
CVE-2023-31802
CVE-2023-31801
CVE-2023-31800
CVE-2023-31799
CVE-2022-42029
CVE-2022-40407
CVE-2022-27426
CVE-2022-27425
CVE-2022-27423
CVE-2022-27422
CVE-2022-27421
CVE-2021-40662
CVE-2021-38745
CVE-2021-35415
CVE-2021-35414
CVE-2021-35413
CVE-2021-43687
CVE-2020-23126
CVE-2021-37391
CVE-2021-37390
CVE-2021-37389
CVE-2021-34187
CVE-2021-32925
CVE-2020-23128
CVE-2020-23127
CVE-2021-31933
CVE-2021-26746
CVE-2012-4029
CVE-2013-0739
CVE-2013-0738
CVE-2012-4030
CVE-2015-9540
CVE-2019-13082
CVE-2019-1000017
CVE-2019-1000015
CVE-2018-20329
CVE-2018-20328
CVE-2018-20327
CVE-2018-1999019
CVE-2013-6787
<= 1.11.38
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an insecure direct object modification
<= 1.11.38
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability e
<= 1.11.38
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course_rel_users endpoint is v
<= 1.11.38
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecur
<= 1.11.38
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting (XSS) vul
<= 1.11.38
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification
all versions
Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is a
all versions
Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the stati
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string() without X
all versions
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ROLE_STUDENT) can enumerate al
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + (user
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST API endpoint returns personal
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates token
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own sta
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are direct
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arbitrary con
all versions
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Refer
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the mai
all versions
Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method
<= 1.11.38
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exe
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerabi
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerabi
all versions
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting (XSS) vulnerability in the exer
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnera
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.php, user-controlled request pa
< 1.11.38
Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading t
<= 1.11.38
Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of
< 1.11.36
Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting (XSS)
< 1.11.36
Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJ
< 1.11.36
Chamilo LMS is a learning management system. Prior to version 1.11.36, Chamilo is vulnerable to user enumeration with valid/invali
< 1.11.36
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import fe
< 1.11.34
Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability whi
< 1.11.34
Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code executi
< 1.11.34
Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not
< 1.11.34
Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By
< 1.11.34
Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By
< 1.11.34
Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an att
< 1.11.34
Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a
< 1.11.34
Chamilo is a learning management system. Prior to version 1.11.34, there is a stored XSS vulnerability in Chamilo LMS (Version 1.1
< 1.11.34
Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in `Social Netw
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the d
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability d
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability d
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability i
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user da
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/s
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vcham
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vcham
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/la
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vcham
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, ena
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection found in /main/webservic
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with th
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming
< 1.11.28
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering whic
< 1.11.30
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to
< 1.11.28
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL o
>= 1.11.12 and < 1.11.26
Chamilo is a learning management system. Chamilo is affected by a post-authentication phar unserialize which leads to a remote co
< 2.0.0
A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src
all versions
An issue was discovered in Chamilo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information
all versions
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter o
all versions
Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of mess
all versions
A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript
all versions
A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a r
all versions
Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive prof
all versions
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script t
all versions
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script t
<= 1.11.24
Unrestricted file upload in /main/inc/ajax/work.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner
<= 1.11.24
Unrestricted file upload in /main/inc/ajax/exercise.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with lear
<= 1.11.24
Unrestricted file upload in /main/inc/ajax/dropbox.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learn
<= 1.11.24
Unrestricted file upload in /main/inc/ajax/document.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with lear
<= 1.11.24
Command injection in main/lp/openoffice_text_document.class.php in Chamilo LMS <= v1.11.24 allows users permitted to upload Lear
<= 1.11.24
Command injection in main/lp/openoffice_presentation.class.php in Chamilo LMS <= v1.11.24 allows users permitted to upload Learn
<= 1.11.24
Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS
<= 1.11.20
Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows u
<= 1.11.20
Path traversal in file upload functionality in /main/webservices/additional_webservices.php in Chamilo LMS <= v1.11.20 allows un
< 1.11.20
Command injection in /main/webservices/additional_webservices.php in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to
>= 1.11 and <= 1.11.20
SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive informati
>= 1.11 and <= 1.11.20
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker
>= 1.11.0 and <= 1.11.18
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbi
>= 1.11.0 and <= 1.11.20
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section.
>= 1.11.0 and <= 1.11.20
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel.
>= 1.11.0 and <= 1.11.20
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section.
>= 1.11.0 and <= 1.11.20
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.
>= 1.11.0 and <= 1.11.20
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management sectio
>= 1.11.0 and <= 1.11.20
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition.
>= 1.11.0 and <= 1.11.20
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section.
>= 1.11.0 and <= 1.11.18
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to e
>= 1.11.0 and <= 1.11.18
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's per
>= 1.11.0 and <= 1.11.18
Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment fiel
>= 1.11.0 and <= 1.11.18
An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information
>= 1.11.0 and <= 1.11.18
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belon
all versions
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted
all versions
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted
all versions
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code
all versions
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course
all versions
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resour
all versions
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype
all versions
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills
all versions
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum
all versions
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system
all versions
Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to
all versions
A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip
>= 1.11.0 and <= 1.11.16
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitr
>= 1.11.0 and <= 1.11.16
Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php.
>= 1.11.0 and <= 1.11.16
Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.
>= 1.11.0 and <= 1.11.16
A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or
<= 1.11.14
Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.
all versions
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user
all versions
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitra
>= 1.11.0 and <= 1.11.16
A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload
>= 1.11.0 and <= 1.11.16
Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.
>= 1.11.0 and <= 1.11.16
A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers t
all versions
chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passe
all versions
Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and
>= 1.11.0 and < 1.11.14
A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through
< 1.11.14
A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).
all versions
Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.
<= 1.11.14
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.
>= 1.11.0 and <= 1.11.16
admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.
all versions
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a
all versions
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
<= 1.11.14
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for
all versions
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.
< 1.8.8.6
Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject
all versions
Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script.
all versions
Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php.
< 1.8.8.6
Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers
<= 1.9.10.2
Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.
all versions
Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts
<= 1.11.8
Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can re
<= 1.11.8
Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.ph
all versions
Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access t
all versions
Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to a
all versions
Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allo
all versions
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /we
<= 1.9.6
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when us