chamilo community members and professional partners
Enterprise Softwareoss-project
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting chamilo community members and professional partners.
- CVE-2025-52998Chamilo: PHAR deserialization bypass9.8
- CVE-2025-50199Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF)9.1
- CVE-2025-50198Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters4.9
- CVE-2025-50197Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameter7.2
- CVE-2025-50196Chamilo: OS Command Injection in /plugin/vchamilo/views/editinstance.php via POST main_database parameter7.2
- CVE-2025-50195Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php7.2
- CVE-2025-50194Chamilo: OS Command Injection in /main/cron/lang/check_parse_lang.php7.2
- CVE-2025-50193Chamilo: OS command Injection in /plugin/vchamilo/views/import.php with the POST to_main_database parameter7.2
- CVE-2025-50192Chamilo: Time-based SQL Injection in /main/webservices/registration.soap.php9.8
- CVE-2025-50191Chamilo: Error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script7.2
- CVE-2025-50190Chamilo: Error-based SQL Injection via GET openid.assoc_handle with the /index.php script9.8
- CVE-2025-50189Chamilo: Error-based SQL Injection8.8
- CVE-2025-50188Error-based SQL Injection in Chamilo LMS7.2
- CVE-2024-50337Chamilo: Potential unauthenticated blind SSRF via openid function5.3
- CVE-2021-37391A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cooki...5.4