chamilo — Vulnerabilities & Security Advisories (83)

Browse all 83 CVE security advisories affecting chamilo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Chamilo is an open-source learning management system designed for educational institutions and corporate training environments, facilitating online course delivery and student management. Security audits reveal a significant history of vulnerabilities, with eighty-three Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and weak access controls in older versions. Notable incidents include arbitrary file upload vulnerabilities that allowed attackers to execute malicious scripts on the server, compromising system integrity. The platform’s reliance on legacy PHP frameworks has contributed to these recurring security issues, necessitating rigorous patching and configuration hardening. While newer iterations have improved security postures, the extensive CVE record highlights the critical need for continuous monitoring and secure coding practices to mitigate risks associated with its widespread deployment in academic settings.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-50191 | Chamilo: Error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script — chamilo-lms (CWE-89) | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50190 | Chamilo: Error-based SQL Injection via GET openid.assoc_handle with the /index.php script — chamilo-lms (CWE-89) | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50189 | Chamilo: Error-based SQL Injection — chamilo-lms (CWE-89) | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50188 | Error-based SQL Injection in Chamilo LMS — chamilo-lms (CWE-89) | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-52482 | Chamilo: Stored XSS in glossary function via /main/glossary/index.php trigger in /main/tracking/course_log_resources.php — chamilo-lms (CWE-79) | 8.3 | High | 2026-03-02 |
| CVE-2025-50187 | Chamilo: Evaluation of untrusted user input leads to Remote Code Execution — chamilo-lms (CWE-95) | 9.8 | Critical | 2026-03-02 |
| CVE-2025-50186 | Chamilo: Stored XSS via Malicious CSV Filename in user_import.php — chamilo-lms (CWE-79) | 4.8 | Medium | 2026-03-02 |
| CVE-2024-50337 | Chamilo: Potential unauthenticated blind SSRF via openid function — chamilo-lms (CWE-918) | 5.3 | Medium | 2026-03-02 |
| CVE-2024-47886 | Chamilo: Post-Auth Remote Code Execution — chamilo-lms (CWE-502) | 7.2 (AI) | High (AI) | 2026-03-02 |
| CVE-2018-25158 | Chamilo LMS 1.11.8 Arbitrary File Upload via elfinder — Chamillo LMS (CWE-434) | 8.8 | High | 2026-02-20 |
| CVE-2026-1106 | Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization — LMS (CWE-285) | 5.4 | Medium | 2026-01-18 |
| CVE-2023-4225 | Chamilo LMS File Upload Functionality Remote Code Execution — Chamilo (CWE-434) | 8.8 | High | 2023-11-28 |
| CVE-2023-4226 | Chamilo LMS File Upload Functionality Remote Code Execution — Chamilo (CWE-434) | 8.8 | High | 2023-11-28 |
| CVE-2023-4224 | Chamilo LMS File Upload Functionality Remote Code Execution — Chamilo (CWE-434) | 8.8 | High | 2023-11-28 |
| CVE-2023-4223 | Chamilo LMS File Upload Functionality Remote Code Execution — Chamilo (CWE-434) | 8.8 | High | 2023-11-28 |
| CVE-2023-4222 | Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability — Chamilo (CWE-78) | 7.2 | High | 2023-11-28 |
| CVE-2023-4221 | Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability — Chamilo (CWE-78) | 7.2 | High | 2023-11-28 |
| CVE-2023-4220 | Chamilo LMS Unauthenticated Big Upload File Remote Code Execution — Chamilo (CWE-434) | 8.1 | High | 2023-11-28 |
| CVE-2023-3545 | Chamilo LMS Htaccess File Upload Security Bypass — Chamilo (CWE-178) | 9.8 | Critical | 2023-11-28 |
| CVE-2023-3533 | Chamilo LMS Unauthenticated Remote Code Execution via Arbitrary File Write — Chamilo (CWE-22) | 9.8 | Critical | 2023-11-28 |
| CVE-2023-3368 | Chamilo LMS Unauthenticated Command Injection — Chamilo (CWE-78) | 9.8 | Critical | 2023-11-28 |
| CVE-2013-0739 | Chamilo cross-site scripting vulnerability — Chamilo | 6.1 | - | 2020-01-30 |
| CVE-2013-0738 | Chamilo cross-site scripting vulnerability — Chamilo | 6.1 | - | 2020-01-30 |

This page lists every published CVE security advisory associated with chamilo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.