CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

A cross-site scripting vulnerability in Chamilo LMS v1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter. • http://chamilo.com • https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-102-2023-04-11-Low-impact-Moderate-risk-XSS-in-forum-titles • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A cross-site scripting vulnerability in Chamilo LMS v1.11.18 allows a local attacker to execute arbitrary code via the system announcements parameter. • http://chamilo.com • https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-99-2023-04-11-Low-impact-Low-risk-XSS-in-system-announcements • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file. • https://support.chamilo.org/projects/1/wiki/Security_issues • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php. • https://support.chamilo.org/projects/1/wiki/Security_issues • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin. • https://support.chamilo.org/projects/1/wiki/Security_issues • CWE-20: Improper Input Validation