CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4225 – Chamilo LMS File Upload Functionality Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-4225
28 Nov 2023 — Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. La carga de archivos sin restricciones en `/main/inc/ajax/exercise.ajax.php` en Chamilo LMS en versiones <= 1.11.24 permite a atacantes autenticados con rol de aprendizaje obtener la ejecución remota de código mediante la carga de archivos PHP. • https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-4226 – Chamilo LMS File Upload Functionality Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-4226
28 Nov 2023 — Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. La carga de archivos sin restricciones en `/main/inc/ajax/work.ajax.php` en Chamilo LMS en versiones <= 1.11.24 permite a atacantes autenticados con rol de aprendizaje obtener la ejecución remota de código mediante la carga de archivos PHP. • https://github.com/krishnan-tech/CVE-2023-4226-POC • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4224 – Chamilo LMS File Upload Functionality Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-4224
28 Nov 2023 — Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. La carga de archivos sin restricciones en `/main/inc/ajax/dropbox.ajax.php` en Chamilo LMS en versiones <= 1.11.24 permite a atacantes autenticados con rol de aprendizaje obtener la ejecución remota de código mediante la carga de archivos PHP. • https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4223 – Chamilo LMS File Upload Functionality Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-4223
28 Nov 2023 — Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. La carga de archivos sin restricciones en `/main/inc/ajax/document.ajax.php` en Chamilo LMS en versiones <= 1.11.24 permite a atacantes autenticados con rol de aprendizaje obtener la ejecución remota de código mediante la carga de archivos PHP. • https://github.com/chamilo/chamilo-lms/commit/3d74fb7d99bd2e287730552f7a66562417a55047 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4222 – Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-4222
28 Nov 2023 — Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters. La inyección de comandos en `main/lp/openoffice_text_document.class.php` en Chamilo LMS en versiones <= 1.11.24 permite a los usuarios autorizados a cargar rutas de aprendizaje para obtener la ejecución remota de código mediante la neutralización inadecuada de caracteres especiales. • https://github.com/chamilo/chamilo-lms/commit/841a07396fed0ef27c5db13a1b700eac02754fc7 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4221 – Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-4221
28 Nov 2023 — Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters. La inyección de comandos en `main/lp/openoffice_presentation.class.php` en Chamilo LMS en versiones <= 1.11.24 permite a los usuarios autorizados a cargar rutas de aprendizaje para obtener la ejecución remota de código mediante la neutralización inadecuada de caracteres especiales. • https://github.com/chamilo/chamilo-lms/commit/841a07396fed0ef27c5db13a1b700eac02754fc7 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.1EPSS: 95%CPEs: 1EXPL: 25CVE-2023-4220 – Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-4220
28 Nov 2023 — Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell. Carga de archivos sin restricciones en la funcionalidad de carga de archivos grandes en `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` en Chamilo LMS en versiones <= 1.11.24 permite a atacantes no autenticados realiza... • https://packetstorm.news/files/id/182982 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27421
https://notcve.org/view.php?id=CVE-2022-27421
15 Apr 2022 — Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin. Chamilo LMS versión v1.11.13, carece de comprobación en el formulario de modificación de usuarios, permitiendo a atacantes escalar privilegios al administrador de la plataforma • https://support.chamilo.org/projects/1/wiki/Security_issues • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-37390
https://notcve.org/view.php?id=CVE-2021-37390
10 Aug 2021 — A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature). Se presenta una vulnerabilidad de tipo XSS reflejado en Chamilo LMS versión 1.11.14, en la función main/social/search.php=q URI (funcionalidad de búsqueda en redes sociales) • https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chamilo-lms-1.11.14-xss-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-9540
https://notcve.org/view.php?id=CVE-2015-9540
04 Jan 2020 — Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503. Chamilo LMS versiones hasta la versión 1.9.10.2, permite un redireccionamiento abierto de link_goto.php?link_url=, un problema relacionado con CVE-2015-5503. • https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-18-2015-05-02-Low-Moderate-risk-URL-hijackingspoofing • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •