
chamilo-lms — Vulnerabilities & Security Advisories 69

All 69 CVE vulnerabilities found in chamilo-lms, with AI-generated Chinese analysis, references, and POCs.

Vendor: chamilo

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-66447 | Chamilo LMS has validation-less redirect on login page | CWE-601 | - | - | 2026-04-10 |
| CVE-2026-30882 | Chamilo LMS: Reflected XSS in the session category listing page | CWE-79 | 6.1 | Medium | 2026-03-16 |
| CVE-2026-30881 | Chamilo LMS: SQL Injection in the statistics AJAX endpoint | CWE-89 | 8.8 | High | 2026-03-16 |
| CVE-2026-30876 | Chamilo LMS: User enumeration vulnerability via response | CWE-204 | 5.3 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2026-30875 | Chamilo LMS: Authenticated RCE via H5P Import | CWE-94 | 8.8 | High | 2026-03-16 |
| CVE-2026-28430 | Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamiko-lms model.ajax.php | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-03-16 |
| CVE-2026-29041 | Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload | CWE-434 | 8.8 | High | 2026-03-06 |
| CVE-2025-59544 | Chamilo: Unauthorized access to update category of any user | CWE-862 | 4.3 | - | 2026-03-06 |
| CVE-2025-59543 | Chamilo: Account Takeover via Stored XSS in Course Description | CWE-79 | 9.1 | Critical | 2026-03-06 |
| CVE-2025-59542 | Chamilo: Account Takeover via Stored XSS in Course Learning Paths | CWE-79 | 9.1 | Critical | 2026-03-06 |
| CVE-2025-59541 | Chamilo: CSRF Vulnerability in Project Deletion | CWE-352 | 8.1 | High | 2026-03-06 |
| CVE-2025-59540 | Chamilo: Stored Cross-Site Scripting (XSS) in Chamilo LMS Exercise Feedback | CWE-80 | 4.8 | - | 2026-03-06 |
| CVE-2025-55289 | Chamilo: Stored Cross Site Scripting in Skills Argumentation | CWE-79 | 8.8 | High | 2026-03-06 |
| CVE-2025-55208 | Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files | CWE-79 | 9.1 | Critical | 2026-03-05 |
| CVE-2025-52564 | Chamilo: HTML injection via open parameter | CWE-80 | 6.1 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-52998 | Chamilo: PHAR deserialization bypass | CWE-502 | 8.1 (AI) | High (AI) | 2026-03-02 |
| CVE-2025-50199 | Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF) | CWE-918 | 9.1 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-52563 | Chamilo: Reflected XSS via page parameter | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-52475 | Chamilo: Reflected XSS via keyword_inactive parameter | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-52476 | Chamilo: Reflected XSS via keyword_active parameter | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-52470 | Chamilo: Stored Cross-Site Scripting (XSS) via Session Category Name | CWE-79 | 4.8 | Medium | 2026-03-02 |
| CVE-2025-52469 | Chamilo: Friend Request Workflow Bypass - Unauthorized Friend Addition and ID Validation Bypass | CWE-841 | 7.1 | High | 2026-03-02 |
| CVE-2025-52468 | Chamilo: Stored XSS Vulnerability via CSV User Import | CWE-79 | 8.8 | High | 2026-03-02 |
| CVE-2025-50198 | Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters | CWE-502 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50197 | Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameter | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50196 | Chamilo: OS Command Injection in /plugin/vchamilo/views/editinstance.php via POST main_database parameter | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50195 | Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50194 | Chamilo: OS Command Injection in /main/cron/lang/check_parse_lang.php | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50193 | Chamilo: OS command Injection in /plugin/vchamilo/views/import.php with the POST to_main_database parameter | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50192 | Chamilo: Time-based SQL Injection in /main/webservices/registration.soap.php | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-03-02 |

All 69 known CVE vulnerabilities affecting chamilo-lms with full Chinese analysis, references, and POCs where available.