| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-50191 | Chamilo: Error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script | chamilo | chamilo-lms | - | - | 2026-03-02 14:53:36 | Deep Dive |
| CVE-2025-50190 | Chamilo: Error-based SQL Injection via GET openid.assoc_handle with the /index.php script | chamilo | chamilo-lms | - | - | 2026-03-02 14:53:15 | Deep Dive |
| CVE-2025-50189 | Chamilo: Error-based SQL Injection | chamilo | chamilo-lms | - | - | 2026-03-02 14:49:09 | Deep Dive |
| CVE-2025-50188 | Error-based SQL Injection in Chamilo LMS | chamilo | chamilo-lms | - | - | 2026-03-02 14:47:03 | Deep Dive |
| CVE-2025-52482 | Chamilo: Stored XSS in glossary function via /main/glossary/index.php trigger in /main/tracking/course_log_resources.php | chamilo | chamilo-lms | High | 8.3 | 2026-03-02 14:39:50 | Deep Dive |
| CVE-2025-50187 | Chamilo: Evaluation of untrusted user input leads to Remote Code Execution | chamilo | chamilo-lms | Critical | 9.8 | 2026-03-02 14:37:21 | Deep Dive |
| CVE-2025-50186 | Chamilo: Stored XSS via Malicious CSV Filename in user_import.php | chamilo | chamilo-lms | Medium | 4.8 | 2026-03-02 14:36:28 | Deep Dive |
| CVE-2024-50337 | Chamilo: Potential unauthenticated blind SSRF via openid function | chamilo | chamilo-lms | Medium | 5.3 | 2026-03-02 14:26:45 | Deep Dive |
| CVE-2024-47886 | Chamilo: Post-Auth Remote Code Execution | chamilo | chamilo-lms | - | - | 2026-03-02 14:23:51 | Deep Dive |
| CVE-2018-25158 | Chamilo LMS 1.11.8 Arbitrary File Upload via elfinder | Chamilo | Chamillo LMS | High | 8.8 | 2026-02-20 22:54:45 | Deep Dive |
| CVE-2026-1106 | Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization | Chamilo | LMS | Medium | 5.4 | 2026-01-18 00:02:09 | Deep Dive |
| CVE-2023-4225 | Chamilo LMS File Upload Functionality Remote Code Execution | Chamilo | Chamilo | High | 8.8 | 2023-11-28 07:22:04 | Deep Dive |
| CVE-2023-4226 | Chamilo LMS File Upload Functionality Remote Code Execution | Chamilo | Chamilo | High | 8.8 | 2023-11-28 07:21:41 | Deep Dive |
| CVE-2023-4224 | Chamilo LMS File Upload Functionality Remote Code Execution | Chamilo | Chamilo | High | 8.8 | 2023-11-28 07:19:32 | Deep Dive |
| CVE-2023-4223 | Chamilo LMS File Upload Functionality Remote Code Execution | Chamilo | Chamilo | High | 8.8 | 2023-11-28 07:18:17 | Deep Dive |
| CVE-2023-4222 | Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability | Chamilo | Chamilo | High | 7.2 | 2023-11-28 07:15:37 | Deep Dive |
| CVE-2023-4221 | Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability | Chamilo | Chamilo | High | 7.2 | 2023-11-28 07:13:51 | Deep Dive |
| CVE-2023-4220 | Chamilo LMS Unauthenticated Big Upload File Remote Code Execution | Chamilo | Chamilo | High | 8.1 | 2023-11-28 07:11:48 | Deep Dive |
| CVE-2023-3545 | Chamilo LMS Htaccess File Upload Security Bypass | Chamilo | Chamilo | Critical | 9.8 | 2023-11-28 07:07:27 | Deep Dive |
| CVE-2023-3533 | Chamilo LMS Unauthenticated Remote Code Execution via Arbitrary File Write | Chamilo | Chamilo | Critical | 9.8 | 2023-11-28 07:06:44 | Deep Dive |