CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-3545 – Chamilo LMS Htaccess File Upload Security Bypass
https://notcve.org/view.php?id=CVE-2023-3545
28 Nov 2023 — Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution. La sanitización inadecuada en `main/inc/lib/fileUpload.lib.... • https://github.com/chamilo/chamilo-lms/commit/dc7bfce429fbd843a95a57c184b6992c4d709549 • CWE-178: Improper Handling of Case Sensitivity •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-3533 – Chamilo LMS Unauthenticated Remote Code Execution via Arbitrary File Write
https://notcve.org/view.php?id=CVE-2023-3533
28 Nov 2023 — Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write. Path Traversal en la funcionalidad de carga de archivos en `/main/webservices/additional_webservices.php` en Chamilo LMS en versiones <= 1.11.20 permite a atacantes no autenticados realizar ataques de Cross Site Scripting Almacenados y obtener ejecu... • https://github.com/chamilo/chamilo-lms/commit/37be9ce7243a30259047dd4517c48ff8b21d657a • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 93%CPEs: 1EXPL: 1CVE-2023-3368 – Chamilo LMS Unauthenticated Command Injection
https://notcve.org/view.php?id=CVE-2023-3368
28 Nov 2023 — Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960. Inyección de comando en `/main/webservices/additional_webservices.php` en Chamilo LMS en versiones <= 1.11.20 permite a atacantes no autenticados obtener la ejecución remota de código mediante la neutralización inadecuada de caracteres especiales. Esta es una om... • https://github.com/chamilo/chamilo-lms/commit/37be9ce7243a30259047dd4517c48ff8b21d657a • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-34187
https://notcve.org/view.php?id=CVE-2021-34187
28 Jun 2021 — main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter. Un archivo main/inc/ajax/model.ajax.php en Chamilo versiones hasta 1.11.14, permite una inyección SQL por medio de los parámetros searchField, filters o filters2 • https://github.com/chamilo/chamilo-lms/commit/005dc8e9eccc6ea35264064ae09e2e84af8d5b59 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 8%CPEs: 1EXPL: 2CVE-2021-31933 – Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)
https://notcve.org/view.php?id=CVE-2021-31933
30 Apr 2021 — A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution. Se presenta una vulnerabilidad de ejecución de código remota en Chamilo version... • https://www.exploit-db.com/exploits/49867 • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0739
https://notcve.org/view.php?id=CVE-2013-0739
30 Jan 2020 — Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script. Chamilo versión 1.9.4, presenta una vulnerabilidad de tipo XSS debido a una comprobación inapropiada de la entrada suministrada por el usuario mediante el script chat.php. • http://www.securityfocus.com/bid/58735 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0738
https://notcve.org/view.php?id=CVE-2013-0738
30 Jan 2020 — Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php. Chamilo versión 1.9.4, presenta Múltiples Vulnerabilidades de Inyección XSS y HTML: en los archivos blog.php y announcements.php. • http://www.securityfocus.com/bid/58735 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 4CVE-2013-6787 – Chamilo Lms 1.9.6 - 'profile.php?password' SQL Injection
https://notcve.org/view.php?id=CVE-2013-6787
27 Nov 2013 — SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter. Vulnerabilidad de inyección SQL en la función check_user_password en main/auth/profile.php en Chamilo LMS 1.9.6 y anteriores, cuando se utiliza el modo de contraseñas no cifradas durante la instalación, permite a usuarios aut... • https://www.exploit-db.com/exploits/30012 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •