Vulnerabilidades em chamilo
83 resultadosCVE-2026-28430CRITICALChamilo LMS Vulnerable to Unauthenticated SQL Injection in chamiko-lms model.ajax.phpEPSS 0.3%CVE-2024-50337MEDIUMChamilo: Potential unauthenticated blind SSRF via openid functionEPSS 0.3%CVE-2026-33698CRITICALChamilo LMS affected by unauthenticated RCE in main/install folderEPSS 0.3%CVE-2026-33618HIGHChamilo LMS Affected by Remote Code Execution via eval() in Platform SettingsEPSS 0.3%CVE-2026-40291HIGHChamilo LMS has Privilege Escalation via API User Role ModificationEPSS 0.3%CVE-2025-55208CRITICALChamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded FilesEPSS 0.3%CVE-2025-59542CRITICALChamilo: Account Takeover via Stored XSS in Course Learning PathsEPSS 0.3%CVE-2025-55289HIGHChamilo: Stored Cross Site Scripting in Skills ArgumentationEPSS 0.3%CVE-2025-50186MEDIUMChamilo: Stored XSS via Malicious CSV Filename in user_import.phpEPSS 0.3%CVE-2025-52469HIGHChamilo: Friend Request Workflow Bypass - Unauthorized Friend Addition and ID Validation BypassEPSS 0.3%CVE-2026-33710HIGHChamilo LMS has Weak REST API Key Generation (Predictable)EPSS 0.3%CVE-2026-32894HIGHChamilo LMS has an IDOR in Gradebook Allows Cross-Course Deletion of Any Student's Grade ResultEPSS 0.3%CVE-2026-30881HIGHChamilo LMS: SQL Injection in the statistics AJAX endpointEPSS 0.3%CVE-2026-33714HIGHChamilo LMS has Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2)EPSS 0.3%CVE-2025-59543CRITICALChamilo: Account Takeover via Stored XSS in Course DescriptionEPSS 0.3%CVE-2026-33705MEDIUMChamilo LMS has unauthenticated access to Twig template source files exposes application logicEPSS 0.2%CVE-2026-31940HIGHSession Fixation in Chamilo LMSEPSS 0.2%CVE-2026-33702HIGHChamilo LMS has an Insecure Direct Object Reference (IDOR)EPSS 0.2%CVE-2026-31941HIGHServer-Side Request Forgery (SSRF) in Chamilo LMSEPSS 0.2%CVE-2026-34370MEDIUMChamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private notesEPSS 0.2%