
Chamilo LMS vulnerabilities

121 known vulnerabilities affecting chamilo/chamilo_lms.

Total CVEs: 121
CISA KEV: 0
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 17, HIGH 47, MEDIUM 57

Vulnerabilities

Page 2 of 7
CVE-2025-50192 | P3 | CRITICAL | CVSS 9.8 | fixed in 1.11.30 | 2026-03-02
CWE-89: Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30.
Source: nvd
CVE-2023-4226 | P2 | HIGH | CVSS 8.8 | ≤ 1.11.24 | 2023-11-28
CWE-434: Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Source: nvd
CVE-2023-4225 | P3 | HIGH | CVSS 8.8 | ≤ 1.11.24 | 2023-11-28
CWE-434: Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Source: nvd
CVE-2023-4223 | P3 | HIGH | CVSS 8.8 | ≤ 1.11.24 | 2023-11-28
CWE-434: Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Source: nvd
CVE-2023-4224 | P3 | HIGH | CVSS 8.8 | ≤ 1.11.24 | 2023-11-28
CWE-434: Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Source: nvd
CVE-2023-4222 | P3 | HIGH | CVSS 8.8 | ≤ 1.11.24 | 2023-11-28
CWE-78: Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
Source: nvd
CVE-2025-50190 | P3 | CRITICAL | CVSS 9.8 | fixed in 1.11.30 | 2026-03-02
CWE-89: Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30.
Source: nvd
CVE-2021-37391 | P3 | MEDIUM | CVSS 5.4 | PoC | ≥ 1.11.0, < 1.11.14 | 2021-08-10
CWE-79: A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php and main/inc/lib/social.lib.php, and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability in the social network's send-invitation feature.
Source: nvd
CVE-2024-47886 | P3 | HIGH | CVSS 7.2 | ≥ 1.11.12, < 1.11.26 | 2026-03-02
CWE-502: Chamilo is a learning management system. Chamilo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization plugin vchamilo, the vulnerability allows an administrator to execute arbitrary code on the server. This
Source: nvd
CVE-2021-35413 | P3 | HIGH | CVSS 8.8 | ≥ 1.11.0, ≤ 1.11.16 | 2021-12-03
CWE-862: A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.
Source: nvd
CVE-2025-55208 | P3 | CRITICAL | CVSS 9.0 | fixed in 1.11.34 | 2026-03-05
CWE-79: Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in `Social Networks`. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin account. Version 1.11.34 fixes the issue.
Source: nvd
CVE-2025-50199 | P3 | CRITICAL | CVSS 9.1 | fixed in 1.11.30 | 2026-03-02
CWE-918: Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30.
Source: nvd
CVE-2025-50194 | P3 | HIGH | CVSS 7.2 | fixed in 1.11.30 | 2026-03-02
CWE-78: Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. This issue has been patched in version 1.11.30.
Source: nvd
CVE-2023-34944 | P3 | CRITICAL | CVSS 9.8 | ≥ 1.11.0, ≤ 1.11.18 | 2023-06-13
CWE-434: An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.
Source: nvd
CVE-2026-31939 | P3 | HIGH | CVSS 8.3 | fixed in 1.11.38 | 2026-04-10
CWE-22: Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file deletion. User input from $_REQUEST['test'] is concatenated directly into a filesystem path without canonicalization or traversal checks. This vulnerability is fixed in 1.11.38.
Source: nvd
CVE-2025-50196 | P3 | HIGH | CVSS 7.2 | fixed in 1.11.30 | 2026-03-02
CWE-78: Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This issue has been patched in version 1.11.30.
Source: nvd
CVE-2025-50195 | P3 | HIGH | CVSS 7.2 | fixed in 1.11.30 | 2026-03-02
CWE-78: Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30.
Source: nvd
CVE-2025-50193 | P3 | HIGH | CVSS 7.2 | fixed in 1.11.30 | 2026-03-02
CWE-78: Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This issue has been patched in version 1.11.30.
Source: nvd
CVE-2021-35414 | P3 | CRITICAL | CVSS 9.8 | ≥ 1.11.0, ≤ 1.11.16 | 2021-12-03
CWE-89: Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.
Source: nvd
CVE-2025-50197 | P3 | HIGH | CVSS 7.2 | fixed in 1.11.30 | 2026-03-02
CWE-78: Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This issue has been patched in version 1.11.30.
Source: nvd