Angel Fernando Quiroz Campos

82 exploits Active since Jun 2023
CVE-2025-50198 WRITEUP MEDIUM WRITEUP
Chamilo < 1.11.30 - Deserialization of Untrusted Data via Import Configuration Parameters
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. This issue has been patched in version 1.11.30.
CVSS 4.9
CVE-2025-52468 WRITEUP HIGH WRITEUP
Chamilo LMS < 1.11.30 - Stored Cross-Site Scripting via CSV User Import
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and "Username" fields. It allows attackers to inject a stored cross-site scripting (XSS) payload that is triggered when the user profile is viewed, potentially leading to malicious script execution in the context of the authenticated user. This issue has been patched in version 1.11.30.
CVSS 8.8
CVE-2025-52469 WRITEUP HIGH WRITEUP
Chamilo < 1.11.30 - Privilege Escalation
Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint. The attacker can bypass the normal flow of sending and accepting friend requests, and even add non-existent users. This breaks access control and social interaction logic, with potential privacy implications. This issue has been patched in version 1.11.30.
CVSS 7.1
CVE-2025-52470 WRITEUP MEDIUM WRITEUP
Chamilo LMS < 1.11.30 - Stored Cross-Site Scripting via Category Name Field
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScript payloads. The injected script is later executed when accessing add_many_sessions_to_category.php, potentially compromising administrative sessions. This issue has been patched in version 1.11.30.
CVSS 4.8
CVE-2025-52475 WRITEUP MEDIUM WRITEUP
Chamilo LMS < 1.11.30 - Reflected Cross-Site Scripting via keyword_inactive Parameter
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This issue has been patched in version 1.11.30.
CVSS 6.1
CVE-2025-52476 WRITEUP MEDIUM WRITEUP
Chamilo < 1.11.30 - Reflected Cross-Site Scripting via keyword_active Parameter
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. This issue has been patched in version 1.11.30.
CVSS 6.1
CVE-2025-52482 WRITEUP HIGH WRITEUP
Chamilo LMS < 1.11.30 - Authenticated Stored Cross-Site Scripting in Glossary Function
Chamilo is a learning management system. Prior to version 1.11.30, a stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject malicious JavaScript code against the administrator. This issue has been patched in version 1.11.30.
CVSS 8.3
CVE-2025-52564 WRITEUP MEDIUM WRITEUP
Chamilo LMS < 1.11.30 - Cross-Site Scripting via help.php Open Parameter
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30.
CVSS 6.1
CVE-2025-52998 WRITEUP CRITICAL WRITEUP
Chamilo LMS < 1.11.30 - Deserialization of Untrusted Data
Chamilo is a learning management system. Prior to version 1.11.30, the application deserializes data that can be spoofed. An attacker can create objects of arbitrary classes and fully control their properties, and thus modify the logic of the web application's operation. This issue has been patched in version 1.11.30.
CVSS 9.8
CVE-2023-3368 WRITEUP CRITICAL WRITEUP
Chamilo LMS <= 1.11.20 - Command Injection
Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.
CVSS 9.8
CVE-2023-34944 WRITEUP CRITICAL WRITEUP
Chamilo 1.11.0-1.11.18 - Arbitrary File Upload and Remote Code Execution via SVG File
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVSS 9.8
CVE-2023-34958 WRITEUP MEDIUM WRITEUP
Chamilo LMS 1.11.0-1.11.18 - Incorrect Authorization in Student Document Download
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.
CVSS 4.3
CVE-2023-34959 WRITEUP MEDIUM WRITEUP
Chamilo LMS 1.11.0-1.11.18 - Server-Side Request Forgery via Social and Links Tools
An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
CVSS 5.3
CVE-2023-34961 WRITEUP MEDIUM WRITEUP
Chamilo LMS 1.11.0-1.11.18 - Cross-Site Scripting via Feedback Comment Field
Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.
CVSS 6.1
CVE-2023-34962 WRITEUP HIGH WRITEUP
Chamilo LMS 1.11.0-1.11.18 - Unauthenticated Incorrect Access Control in Personal Notes
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes.
CVSS 8.1
CVE-2023-3533 WRITEUP CRITICAL WRITEUP
Chamilo LMS <= 1.11.20 - Path Traversal
Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write.
CVSS 9.8
CVE-2023-3545 WRITEUP CRITICAL WRITEUP
Chamilo < 1.11.20 - Unauthenticated Remote Code Execution via .htaccess File Upload
Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution by uploading a `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution.
CVSS 9.8
CVE-2023-37061 WRITEUP MEDIUM WRITEUP
Chamilo 1.11.0-1.11.20 - Authenticated Stored Cross-Site Scripting in Languages Management
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section.
CVSS 4.8
CVE-2023-37062 WRITEUP MEDIUM WRITEUP
Chamilo 1.11.0-1.11.20 - Authenticated Stored Cross-Site Scripting in Course Category Definition
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the course categories' definition.
CVSS 4.8
CVE-2023-37063 WRITEUP MEDIUM WRITEUP
Chamilo 1.11.0-1.11.20 - Authenticated Stored Cross-Site Scripting in Careers & Promotions Management
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the careers & promotions management section.
CVSS 4.8
CVE-2023-37064 WRITEUP MEDIUM WRITEUP
Chamilo 1.11.0-1.11.20 - Authenticated Stored Cross-Site Scripting in Extra Fields Management
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the extra fields management section.
CVSS 4.8
CVE-2023-37065 WRITEUP MEDIUM WRITEUP
Chamilo 1.11.0-1.11.20 - Authenticated Stored Cross-Site Scripting in Session Category Management
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the session category management section.
CVSS 4.8
CVE-2023-37066 WRITEUP MEDIUM WRITEUP
Chamilo 1.11.0-1.11.20 - Authenticated Stored Cross-Site Scripting in Skills Wheel
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the skills wheel.
CVSS 4.8
CVE-2023-37067 WRITEUP MEDIUM WRITEUP
Chamilo 1.11.0-1.11.20 - Authenticated Stored Cross-Site Scripting in Classes/Usergroups Management
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the classes/usergroups management section.
CVSS 4.8
CVE-2023-4223 WRITEUP HIGH WRITEUP
Chamilo LMS <= 1.11.24 - Authenticated Remote Code Execution via PHP File Upload
Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with the learner role to obtain remote code execution by uploading PHP files.
CVSS 8.8