Total CVEs: 140,425
Critical Severity: 3,747
High Severity: 13,549
Last 7 Days: 1,507
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 61 - 69 of 69 CVEs
CVE-2025-50192 CRITICAL - 9.8

Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30.

Vendor: chamilo
Product: chamilo-lms
Published: Mar 02, 2026
Source: NVD
CVE-2025-50191 HIGH - 7.2

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30.

Vendor: chamilo
Product: chamilo-lms
Published: Mar 02, 2026
Source: NVD
CVE-2025-50190 CRITICAL - 9.8

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30.

Vendor: chamilo
Product: chamilo-lms
Published: Mar 02, 2026
Source: NVD
CVE-2025-50189 HIGH - 8.8

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/coursecopy/copy_course_session_selected.php, which allows an ...

Vendor: chamilo
Product: chamilo-lms
Published: Mar 02, 2026
Source: NVD
CVE-2025-50188 HIGH - 7.2

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an attac...

Vendor: chamilo
Product: chamilo-lms
Published: Mar 02, 2026
Source: NVD
CVE-2025-50187 CRITICAL - 9.8

Chamilo is a learning management system. Prior to version 1.11.28, a parameter from a SOAP request is evaluated without filtering, which leads to Remote Code Execution. This issue has been patched in version 1.11.28.

Vendor: chamilo
Product: chamilo-lms
Published: Mar 02, 2026
Source: NVD
CVE-2025-50186 MEDIUM - 4.8

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file (e.g., <img src=q onerror=prompt(8)>.csv) that leads to JavaScript ...

Vendor: chamilo
Product: chamilo-lms
Published: Mar 02, 2026
Source: NVD
CVE-2024-50337 MEDIUM - 5.3

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on the server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28.

Vendor: chamilo
Product: chamilo-lms
Published: Mar 02, 2026
Source: NVD
CVE-2024-47886 HIGH - 7.2

Chamilo is a learning management system. Chamilo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization plugin vchamilo, the vulnerability allows an adminis...

Vendor: chamilo
Product: chamilo-lms
Published: Mar 02, 2026
Source: NVD