chamilo — Vulnerabilities & Security Advisories 83

Browse all 83 CVE security advisories affecting chamilo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products: chamilo:chamilo-lms, ChamiloLMS, Chamillo LMS

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40291 | Chamilo LMS has Privilege Escalation via API User Role Modification | chamilo-lms | CWE-269 | 8.8 | High | 2026-04-14 |
| CVE-2026-35196 | Chamilo LMS has OS Command Injection via export_all_certificates action | chamilo-lms | CWE-78 | 8.8 | High | 2026-04-14 |
| CVE-2026-34602 | Chamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Users into Courses | chamilo-lms | CWE-639 | 7.1 | High | 2026-04-14 |
| CVE-2026-34370 | Chamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private notes | chamilo-lms | CWE-285 | 6.5 | Medium | 2026-04-14 |
| CVE-2026-34161 | Chamilo LMS: Stored XSS via Malicious File Upload in Social Post Attachments Leads to Arbitrary JavaScript Execution | chamilo-lms | CWE-79 | 5.4 | - | 2026-04-14 |
| CVE-2026-34160 | Chamilo LMS: Unauthenticated SSRF via PENS Plugin allows attacker to probe internal network and reach cloud metadata services | chamilo-lms | CWE-306 | 8.6 | High | 2026-04-14 |
| CVE-2026-33715 | Chamilo LMS has Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action | chamilo-lms | CWE-306 | 7.2 | High | 2026-04-14 |
| CVE-2026-33714 | Chamilo LMS has Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2) | chamilo-lms | CWE-89 | 8.8 | - | 2026-04-14 |
| CVE-2026-33737 | Chamilo LMS has an XML External Entity (XXE) Injection | chamilo-lms | CWE-611 | 5.3 | Medium | 2026-04-10 |
| CVE-2026-33736 | Chamilo LMS has an Insecure Direct Object Reference (IDOR) - User Data Exposure | chamilo-lms | CWE-639 | 6.5 | Medium | 2026-04-10 |
| CVE-2026-33710 | Chamilo LMS has Weak REST API Key Generation (Predictable) | chamilo-lms | CWE-330 | 7.5 | High | 2026-04-10 |
| CVE-2026-33708 | Chamilo LMS has REST API PII Exposure via get_user_info_from_username | chamilo-lms | CWE-862 | 6.5 | Medium | 2026-04-10 |
| CVE-2026-33707 | Weak Password Recovery Mechanism for Forgotten Password in chamilo/chamilo-lms | chamilo-lms | CWE-640 | 9.4 | Critical | 2026-04-10 |
| CVE-2026-33706 | Chamilo LMS has a REST API Self-Privilege Escalation (Student → Teacher) | chamilo-lms | CWE-269 | 7.1 | High | 2026-04-10 |
| CVE-2026-33705 | Chamilo LMS has unauthenticated access to Twig template source files exposes application logic | chamilo-lms | CWE-538 | 5.3 | Medium | 2026-04-10 |
| CVE-2026-33704 | Chamilo LMS Affected by Authenticated Arbitrary File Write via BigUpload endpoint | chamilo-lms | CWE-434 | 7.1 | High | 2026-04-10 |
| CVE-2026-33703 | Chamilo LMS Critical IDOR: Any Authenticated User Can Extract All Users’ Personal Data and API Tokens | chamilo-lms | CWE-639 | 8.1 | - | 2026-04-10 |
| CVE-2026-33702 | Chamilo LMS has an Insecure Direct Object Reference (IDOR) | chamilo-lms | CWE-639 | 7.1 | High | 2026-04-10 |
| CVE-2026-33698 | Chamilo LMS affected by unauthenticated RCE in main/install folder | chamilo-lms | CWE-552 | 9.8 | - | 2026-04-10 |
| CVE-2026-33618 | Chamilo LMS Affected by Remote Code Execution via eval() in Platform Settings | chamilo-lms | CWE-95 | 8.8 | High | 2026-04-10 |
| CVE-2026-33141 | Chamilo LMS has an IDOR in REST API Stats Endpoint Exposes Any User's Learning Data | chamilo-lms | CWE-639 | 6.5 | Medium | 2026-04-10 |
| CVE-2026-32892 | OS Command Injection in Chamilo LMS 1.11.36 | chamilo-lms | CWE-78 | 9.1 | Critical | 2026-04-10 |
| CVE-2026-32932 | Chamilo LMS has an Open Redirect via Unvalidated 'page' Parameter in Session Course Edit | chamilo-lms | CWE-601 | 4.7 | Medium | 2026-04-10 |
| CVE-2026-32931 | Chamilo LMS has Arbitrary File Upload via MIME-Only Validation in Exercise Sound Upload Leads to RCE | chamilo-lms | CWE-434 | 7.5 | High | 2026-04-10 |
| CVE-2026-32930 | Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Evaluation Edit Without Ownership Check | chamilo-lms | CWE-639 | 7.1 | High | 2026-04-10 |
| CVE-2026-32894 | Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Deletion of Any Student's Grade Result | chamilo-lms | CWE-476 | 7.1 | High | 2026-04-10 |
| CVE-2026-32893 | Chamilo LMS has Reflected XSS via Unsanitized http_build_query() in Exercise Question List Pagination | chamilo-lms | CWE-79 | 5.4 | Medium | 2026-04-10 |
| CVE-2026-31941 | Server-Side Request Forgery (SSRF) in Chamilo LMS | chamilo-lms | CWE-918 | 7.7 | High | 2026-04-10 |
| CVE-2026-31940 | Session Fixation in Chamilo LMS | chamilo-lms | CWE-384 | 7.5 | High | 2026-04-10 |
| CVE-2026-31939 | Path Traversal (Arbitrary File Delete) in Chamilo LMS | chamilo-lms | CWE-22 | 8.3 | High | 2026-04-10 |

This page lists every published CVE security advisory associated with chamilo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.