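chamilo vendor vulnerability list / CVE analysis in Chinese: 83

83 CVE vulnerabilities related to the vendor chamilo, with AI-generated Chinese analysis, POC, CVSS scores and affected products.

Chamilo is an open-source learning management system designed to provide a flexible education platform. Its vulnerability history shows that common risks include remote code execution, cross-site scripting and unauthorized access, with 83 CVEs recorded in total. These flaws mostly stem from insufficient input validation or defects in permission logic. Despite these security risks, the project continues to fix issues through patch updates. Users should follow the official security advisories and upgrade promptly to mitigate potential threats and keep education data and the system environment stable.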

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-66447 | Chamilo LMS has validation-less redirect on login page | chamilo-lms | CWE-601 | - | - | 2026-04-10 |
| CVE-2026-30882 | Chamilo LMS: Reflected XSS in the session category listing page | chamilo-lms | CWE-79 | 6.1 | Medium | 2026-03-16 |
| CVE-2026-30881 | Chamilo LMS: SQL Injection in the statistics AJAX endpoint | chamilo-lms | CWE-89 | 8.8 | High | 2026-03-16 |
| CVE-2026-30876 | Chamilo LMS: User enumeration vulnerability via response | chamilo-lms | CWE-204 | 5.3 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2026-30875 | Chamilo LMS: Authenticated RCE via H5P Import | chamilo-lms | CWE-94 | 8.8 | High | 2026-03-16 |
| CVE-2026-28430 | Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamiko-lms model.ajax.php | chamilo-lms | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-03-16 |
| CVE-2026-29041 | Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload | chamilo-lms | CWE-434 | 8.8 | High | 2026-03-06 |
| CVE-2025-59544 | Chamilo: Unauthorized access to update category of any user | chamilo-lms | CWE-862 | 4.3 | - | 2026-03-06 |
| CVE-2025-59543 | Chamilo: Account Takeover via Stored XSS in Course Description | chamilo-lms | CWE-79 | 9.1 | Critical | 2026-03-06 |
| CVE-2025-59542 | Chamilo: Account Takeover via Stored XSS in Course Learning Paths | chamilo-lms | CWE-79 | 9.1 | Critical | 2026-03-06 |
| CVE-2025-59541 | Chamilo: CSRF Vulnerability in Project Deletion | chamilo-lms | CWE-352 | 8.1 | High | 2026-03-06 |
| CVE-2025-59540 | Chamilo: Stored Cross-Site Scripting (XSS) in Chamilo LMS Exercise Feedback | chamilo-lms | CWE-80 | 4.8 | - | 2026-03-06 |
| CVE-2025-55289 | Chamilo: Stored Cross Site Scripting in Skills Argumentation | chamilo-lms | CWE-79 | 8.8 | High | 2026-03-06 |
| CVE-2025-55208 | Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files | chamilo-lms | CWE-79 | 9.1 | Critical | 2026-03-05 |
| CVE-2025-52564 | Chamilo: HTML injection via open parameter | chamilo-lms | CWE-80 | 6.1 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-52998 | Chamilo: PHAR deserialization bypass | chamilo-lms | CWE-502 | 8.1 (AI) | High (AI) | 2026-03-02 |
| CVE-2025-50199 | Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF) | chamilo-lms | CWE-918 | 9.1 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-52563 | Chamilo: Reflected XSS via page parameter | chamilo-lms | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-52475 | Chamilo: Reflected XSS via keyword_inactive parameter | chamilo-lms | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-52476 | Chamilo: Reflected XSS via keyword_active parameter | chamilo-lms | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-52470 | Chamilo: Stored Cross-Site Scripting (XSS) via Session Category Name | chamilo-lms | CWE-79 | 4.8 | Medium | 2026-03-02 |
| CVE-2025-52469 | Chamilo: Friend Request Workflow Bypass - Unauthorized Friend Addition and ID Validation Bypass | chamilo-lms | CWE-841 | 7.1 | High | 2026-03-02 |
| CVE-2025-52468 | Chamilo: Stored XSS Vulnerability via CSV User Import | chamilo-lms | CWE-79 | 8.8 | High | 2026-03-02 |
| CVE-2025-50198 | Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters | chamilo-lms | CWE-502 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50197 | Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameter | chamilo-lms | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50196 | Chamilo: OS Command Injection in /plugin/vchamilo/views/editinstance.php via POST main_database parameter | chamilo-lms | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50195 | Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php | chamilo-lms | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50194 | Chamilo: OS Command Injection in /main/cron/lang/check_parse_lang.php | chamilo-lms | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50193 | Chamilo: OS command Injection in /plugin/vchamilo/views/import.php with the POST to_main_database parameter | chamilo-lms | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-50192 | Chamilo: Time-based SQL Injection in /main/webservices/registration.soap.php | chamilo-lms | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-03-02 |

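This page collects all 83 CVE vulnerabilities published to date for the vendor chamilo. Each entry includes the CVSS score, CWE weakness classification, affected products and reference links, along with an AI-generated Chinese analysis to help assess risk quickly.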