Vulnerabilities in chamilo
83 results

CVE | Severity | Description | EPSS
CVE-2013-0739 | — | Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script. | 0.8%
CVE-2025-50189 | HIGH | Chamilo: Error-based SQL Injection | 0.7%
CVE-2026-29041 | HIGH | Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload | 0.7%
CVE-2025-50188 | HIGH | Error-based SQL Injection in Chamilo LMS | 0.7%
CVE-2025-50192 | HIGH | Chamilo: Time-based SQL Injection in /main/webservices/registration.soap.php | 0.6%
CVE-2025-50190 | HIGH | Chamilo: Error-based SQL Injection via GET openid.assoc_handle with the /index.php script | 0.6%
CVE-2025-50191 | HIGH | Chamilo: Error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script | 0.5%
CVE-2026-30875 | HIGH | Chamilo LMS: Authenticated RCE via H5P Import | 0.5%
CVE-2026-32931 | HIGH | Chamilo LMS has Arbitrary File Upload via MIME-Only Validation in Exercise Sound Upload Leads to RCE | 0.5%
CVE-2026-33707 | CRITICAL | Weak Password Recovery Mechanism for Forgotten Password in chamilo/chamilo-lms | 0.4%
CVE-2026-33704 | HIGH | Chamilo LMS Affected by Authenticated Arbitrary File Write via BigUpload endpoint | 0.4%
CVE-2026-1106 | MEDIUM | Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization | 0.4%
CVE-2018-25158 | HIGH | Chamilo LMS 1.11.8 Arbitrary File Upload via elfinder | 0.4%
CVE-2025-52482 | HIGH | Chamilo: Stored XSS in glossary function via /main/glossary/index.php trigger in /main/tracking/course_log_resources.php | 0.4%
CVE-2025-52998 | HIGH | Chamilo: PHAR deserialization bypass | 0.4%
CVE-2025-50199 | HIGH | Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF) | 0.4%
CVE-2025-52468 | HIGH | Chamilo: Stored XSS Vulnerability via CSV User Import | 0.4%
CVE-2026-31939 | HIGH | Path Traversal (Arbitrary File Delete) in Chamilo LMS | 0.4%
CVE-2025-50198 | HIGH | Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters | 0.3%
CVE-2026-34160 | HIGH | Chamilo LMS: Unauthenticated SSRF via PENS Plugin allows attacker to probe internal network and reach cloud metadata services | 0.3%