Chamilo — Vulnerabilities & Security Advisories 83

Browse all 83 CVE security advisories affecting Chamilo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Chamilo: chamilo-lms, ChamiloLMS, Chamillo LMS
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-66447 | Chamilo LMS has validation-less redirect on login page | chamilo-lms | CWE-601 | - | - | 2026-04-10 |
| CVE-2026-30882 | Chamilo LMS: Reflected XSS in the session category listing page | chamilo-lms | CWE-79 | 6.1 | Medium | 2026-03-16 |
| CVE-2026-30881 | Chamilo LMS: SQL Injection in the statistics AJAX endpoint | chamilo-lms | CWE-89 | 8.8 | High | 2026-03-16 |
| CVE-2026-30876 | Chamilo LMS: User enumeration vulnerability via response | chamilo-lms | CWE-204 | 5.3 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2026-30875 | Chamilo LMS: Authenticated RCE via H5P Import | chamilo-lms | CWE-94 | 8.8 | High | 2026-03-16 |
| CVE-2026-28430 | Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamiko-lms model.ajax.php | chamilo-lms | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-03-16 |
| CVE-2026-29041 | Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload | chamilo-lms | CWE-434 | 8.8 | High | 2026-03-06 |
| CVE-2025-59544 | Chamilo: Unauthorized access to update category of any user | chamilo-lms | CWE-862 | 4.3 | - | 2026-03-06 |
| CVE-2025-59543 | Chamilo: Account Takeover via Stored XSS in Course Description | chamilo-lms | CWE-79 | 9.1 | Critical | 2026-03-06 |
| CVE-2025-59542 | Chamilo: Account Takeover via Stored XSS in Course Learning Paths | chamilo-lms | CWE-79 | 9.1 | Critical | 2026-03-06 |
| CVE-2025-59541 | Chamilo: CSRF Vulnerability in Project Deletion | chamilo-lms | CWE-352 | 8.1 | High | 2026-03-06 |
| CVE-2025-59540 | Chamilo: Stored Cross-Site Scripting (XSS) in Chamilo LMS Exercise Feedback | chamilo-lms | CWE-80 | 4.8 | - | 2026-03-06 |
| CVE-2025-55289 | Chamilo: Stored Cross Site Scripting in Skills Argumentation | chamilo-lms | CWE-79 | 8.8 | High | 2026-03-06 |
| CVE-2025-55208 | Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files | chamilo-lms | CWE-79 | 9.1 | Critical | 2026-03-05 |
| CVE-2025-52564 | Chamilo: HTML injection via open parameter | chamilo-lms | CWE-80 | 6.1 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-52998 | Chamilo: PHAR deserialization bypass | chamilo-lms | CWE-502 | 8.1 (AI) | High (AI) | 2026-03-02 |
| CVE-2025-50199 | Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF) | chamilo-lms | CWE-918 | 9.1 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-52563 | Chamilo: Reflected XSS via page parameter | chamilo-lms | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-52475 | Chamilo: Reflected XSS via keyword_inactive parameter | chamilo-lms | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-52476 | Chamilo: Reflected XSS via keyword_active parameter | chamilo-lms | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-52470 | Chamilo: Stored Cross-Site Scripting (XSS) via Session Category Name | chamilo-lms | CWE-79 | 4.8 | Medium | 2026-03-02 |
| CVE-2025-52469 | Chamilo: Friend Request Workflow Bypass - Unauthorized Friend Addition and ID Validation Bypass | chamilo-lms | CWE-841 | 7.1 | High | 2026-03-02 |
| CVE-2025-52468 | Chamilo: Stored XSS Vulnerability via CSV User Import | chamilo-lms | CWE-79 | 8.8 | High | 2026-03-02 |
| CVE-2025-50198 | Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters | chamilo-lms | CWE-502 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50197 | Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameter | chamilo-lms | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50196 | Chamilo: OS Command Injection in /plugin/vchamilo/views/editinstance.php via POST main_database parameter | chamilo-lms | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50195 | Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php | chamilo-lms | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50194 | Chamilo: OS Command Injection in /main/cron/lang/check_parse_lang.php | chamilo-lms | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50193 | Chamilo: OS command Injection in /plugin/vchamilo/views/import.php with the POST to_main_database parameter | chamilo-lms | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50192 | Chamilo: Time-based SQL Injection in /main/webservices/registration.soap.php | chamilo-lms | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-03-02 |

This page lists every published CVE security advisory associated with Chamilo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.