Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Chamilo Subscribe
Filtered by product Chamilo
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-32925 1 Chamilo 1 Chamilo 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.
CVE-2021-31933 1 Chamilo 1 Chamilo 2024-11-21 6.5 MEDIUM 7.2 HIGH
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.
CVE-2021-26746 1 Chamilo 1 Chamilo 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.
CVE-2013-0739 1 Chamilo 1 Chamilo 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script.
CVE-2013-0738 1 Chamilo 1 Chamilo 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php.
CVE-2012-4029 1 Chamilo 1 Chamilo 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action.

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024