Angel Fernando Quiroz Campos

44 exploits Active since Jun 2023

CVE-2024-50337 WRITEUP MEDIUM WRITEUP

Chamilo <1.11.28 - SSRF

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28.

CVSS 5.3

View Code

CVE-2025-50186 WRITEUP MEDIUM WRITEUP

Chamilo <1.11.30 - Stored XSS

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file (e.g., <img src=q onerror=prompt(8)>.csv) that leads to JavaScript execution when viewed by administrators or users with access to import logs or file views. This issue has been patched in version 1.11.30.

CVSS 4.8

View Code

CVE-2025-50188 WRITEUP HIGH WRITEUP

Chamilo <1.11.30 - SQL Injection

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an attacker to perform an attack aimed at modifying the database query logic by injecting an arbitrary SQL statements. This issue has been patched in version 1.11.30.

CVSS 7.2

View Code

CVE-2025-50189 WRITEUP HIGH WRITEUP

Chamilo <1.11.30 - SQL Injection

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/coursecopy/copy_course_session_selected.php, which allows an attacker to perform an attack aimed at modifying the database query logic by injecting an arbitrary SQL statements. This issue has been patched in version 1.11.30.

CVSS 8.8

View Code

CVE-2025-50190 WRITEUP CRITICAL WRITEUP

Chamilo <1.11.30 - SQL Injection

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30.

CVSS 9.8

View Code

CVE-2025-50191 WRITEUP HIGH WRITEUP

Chamilo <1.11.30 - SQL Injection

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30.

CVSS 7.2

View Code

CVE-2025-50192 WRITEUP CRITICAL WRITEUP

Chamilo <1.11.30 - SQL Injection

Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection in found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30.

CVSS 9.8

View Code

CVE-2025-50193 WRITEUP HIGH WRITEUP

Chamilo <1.11.30 - Command Injection

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This issue has been patched in version 1.11.30.

CVSS 7.2

View Code

CVE-2025-50194 WRITEUP HIGH WRITEUP

Chamilo <1.11.30 - Command Injection

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. This issue has been patched in version 1.11.30.

CVSS 7.2

View Code

CVE-2025-50195 WRITEUP HIGH WRITEUP

Chamilo <1.11.30 - Command Injection

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30.

CVSS 7.2

View Code

CVE-2025-50196 WRITEUP HIGH WRITEUP

Chamilo <1.11.30 - Command Injection

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This issue has been patched in version 1.11.30.

CVSS 7.2

View Code

CVE-2025-50197 WRITEUP HIGH WRITEUP

Chamilo <1.11.30 - Command Injection

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This issue has been patched in version 1.11.30.

CVSS 7.2

View Code

CVE-2025-50198 WRITEUP MEDIUM WRITEUP

Chamilo <1.11.30 - Deserialization

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. This issue has been patched in version 1.11.30.

CVSS 4.9

View Code

CVE-2025-52468 WRITEUP HIGH WRITEUP

Chamilo <1.11.30 - Stored XSS

Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and "Username" fields. It allows attackers to inject a stored cross-site scripting (XSS) payload that is triggered when the user profile is viewed, potentially leading to malicious script execution in the context of the authenticated use. This issue has been patched in version 1.11.30.

CVSS 8.8

View Code

CVE-2025-52469 WRITEUP HIGH WRITEUP

Chamilo <1.11.30 - Privilege Escalation

Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint. The attacker can bypass the normal flow of sending and accepting friend requests, and even add non-existent users. This breaks access control and social interaction logic, with potential privacy implications. This issue has been patched in version 1.11.30.

CVSS 7.1

View Code

CVE-2025-52470 WRITEUP MEDIUM WRITEUP

Chamilo <1.11.30 - Stored XSS

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScript payloads. The injected script is later executed when accessing add_many_sessions_to_category.php, potentially compromising administrative sessions. This issue has been patched in version 1.11.30.

CVSS 4.8

View Code

CVE-2025-52475 WRITEUP MEDIUM WRITEUP

Chamilo <1.11.30 - XSS

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This issue has been patched in version 1.11.30.

CVSS 6.1

View Code

CVE-2025-52476 WRITEUP MEDIUM WRITEUP

Chamilo <1.11.30 - XSS

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. This issue has been patched in version 1.11.30.

CVSS 6.1

View Code

CVE-2025-52482 WRITEUP HIGH WRITEUP

Chamilo <1.11.30 - Stored XSS

Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.

CVSS 8.3

View Code

CVE-2025-52564 WRITEUP MEDIUM WRITEUP

Chamilo <1.11.30 - XSS

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30.

CVSS 6.1

View Code

CVE-2025-52998 WRITEUP CRITICAL WRITEUP

Chamilo <1.11.30 - Deserialization

Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's operation. This issue has been patched in version 1.11.30.

CVSS 9.8

View Code

CVE-2023-3368 WRITEUP CRITICAL WRITEUP

Chamilo LMS <= 1.11.20 - Command Injection

Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.

CVSS 9.8

View Code

CVE-2023-34944 WRITEUP CRITICAL WRITEUP

Chamilo Lms < 1.11.18 - Unrestricted File Upload

An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.

CVSS 9.8

View Code

CVE-2023-34958 WRITEUP MEDIUM WRITEUP

Chamilo Lms < 1.11.18 - Incorrect Authorization

Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.

CVSS 4.3

View Code

CVE-2023-34959 WRITEUP MEDIUM WRITEUP

Chamilo Lms < 1.11.18 - SSRF

An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.

CVSS 5.3

View Code