Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Chamilo — Vulnerabilities & Security Advisories 83

Browse all 83 CVE security advisories affecting Chamilo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Chamilo:chamilo-lmsChamiloLMSChamillo LMS
CVE IDTitleCVSSSeverityPublished
CVE-2025-50191 Chamilo: Error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script — chamilo-lmsCWE-89 9.8AICriticalAI2026-03-02
CVE-2025-50190 Chamilo: Error-based SQL Injection via GET openid.assoc_handle with the /index.php script — chamilo-lmsCWE-89 9.8AICriticalAI2026-03-02
CVE-2025-50189 Chamilo: Error-based SQL Injection — chamilo-lmsCWE-89 9.8AICriticalAI2026-03-02
CVE-2025-50188 Error-based SQL Injection in Chamilo LMS — chamilo-lmsCWE-89 9.8AICriticalAI2026-03-02
CVE-2025-52482 Chamilo: Stored XSS in glossary function via /main/glossary/index.php trigger in /main/tracking/course_log_resources.php — chamilo-lmsCWE-79 8.3 High2026-03-02
CVE-2025-50187 Chamilo: Evaluation of untrusted user input leads to Remote Code Execution — chamilo-lmsCWE-95 9.8 Critical2026-03-02
CVE-2025-50186 Chamilo: Stored XSS via Malicious CSV Filename in user_import.php — chamilo-lmsCWE-79 4.8 Medium2026-03-02
CVE-2024-50337 Chamilo: Potential unauthenticated blind SSRF via openid function — chamilo-lmsCWE-918 5.3 Medium2026-03-02
CVE-2024-47886 Chamilo: Post-Auth Remote Code Execution — chamilo-lmsCWE-502 7.2AIHighAI2026-03-02
CVE-2018-25158 Chamilo LMS 1.11.8 Arbitrary File Upload via elfinder — Chamillo LMSCWE-434 8.8 High2026-02-20
CVE-2026-1106 Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization — LMSCWE-285 5.4 Medium2026-01-18
CVE-2023-4225 Chamilo LMS File Upload Functionality Remote Code Execution — ChamiloCWE-434 8.8 High2023-11-28
CVE-2023-4226 Chamilo LMS File Upload Functionality Remote Code Execution — ChamiloCWE-434 8.8 High2023-11-28
CVE-2023-4224 Chamilo LMS File Upload Functionality Remote Code Execution — ChamiloCWE-434 8.8 High2023-11-28
CVE-2023-4223 Chamilo LMS File Upload Functionality Remote Code Execution — ChamiloCWE-434 8.8 High2023-11-28
CVE-2023-4222 Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability — ChamiloCWE-78 7.2 High2023-11-28
CVE-2023-4221 Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability — ChamiloCWE-78 7.2 High2023-11-28
CVE-2023-4220 Chamilo LMS Unauthenticated Big Upload File Remote Code Execution — ChamiloCWE-434 8.1 High2023-11-28
CVE-2023-3545 Chamilo LMS Htaccess File Upload Security Bypass — ChamiloCWE-178 9.8 Critical2023-11-28
CVE-2023-3533 Chamilo LMS Unauthenticated Remote Code Execution via Arbitrary File Write — ChamiloCWE-22 9.8 Critical2023-11-28
CVE-2023-3368 Chamilo LMS Unauthenticated Command Injection — ChamiloCWE-78 9.8 Critical2023-11-28
CVE-2013-0739 Chamilo 跨站脚本漏洞 — Chamilo 6.1 -2020-01-30
CVE-2013-0738 Chamilo 跨站脚本漏洞 — Chamilo 6.1 -2020-01-30

This page lists every published CVE security advisory associated with Chamilo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.