Writeup Exploits
60,940 exploits tracked across all sources.
ITC Systems Multiplan/Matrix OneCard <3.7.4.1002 - SQL Injection
ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection vulnerability via the component Forgotpassword.aspx.
CVSS 6.5
Chamilo LMS 1.11.28 - Stored Cross-Site Scripting in Message Compose Feature
A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message.
CVSS 5.4
Chamilo LMS <= 1.11.24 - Authenticated Remote Code Execution via PHP File Upload
Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with the learner role to obtain remote code execution via uploading of PHP files.
CVSS 8.8
Chamilo LMS <= 1.11.24 - Authenticated Remote Code Execution via Unrestricted PHP File Upload
Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with the learner role to obtain remote code execution via uploading of PHP files.
CVSS 8.8
Chamilo LMS <= 1.11.24 - Authenticated Remote Code Execution via PHP File Upload
Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with the learner role to obtain remote code execution via uploading of PHP files.
CVSS 8.8
Chamilo LMS <= 1.11.24 - Authenticated Remote Code Execution via PHP File Upload
Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with the learner role to obtain remote code execution via uploading of PHP files.
CVSS 8.8
Chamilo LMS <= 1.11.24 - Command Injection
Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
CVSS 7.2
Chamilo LMS <= 1.11.24 - Command Injection
Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
CVSS 7.2
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
Unrestricted file upload in the big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading a web shell.
CVSS 8.1
Chamilo LMS 1.11.0-1.11.18 - Unauthenticated Incorrect Access Control in Personal Notes
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes.
CVSS 8.1
Chamilo LMS 1.11.0-1.11.18 - Server-Side Request Forgery via Social and Links Tools
An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
CVSS 5.3
Chamilo 1.11.0-1.11.18 - Arbitrary File Upload and Remote Code Execution via SVG File
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVSS 9.8
Chamilo LMS <= 1.11.20 - Command Injection
Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.
CVSS 9.8
Chamilo 1.11 - Authenticated Remote Code Execution via Zip Slip in File Upload
A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.
CVSS 8.8
chamilo 1.11.14 - Cross-Site Scripting via jCapture Plugin Cookie
chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.
CVSS 6.1
Chamilo LMS 1.11.0-1.11.14 - Stored Cross-Site Scripting via Social Network Invitation Feature
A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php and main/inc/lib/social.lib.php, and steal cookies or execute arbitrary code on the administrator's side via a stored XSS vulnerability in the social network send-invitation feature.
CVSS 5.4
Chamilo LMS 1.11.0 through 1.11.16 - Stored Cross-Site Scripting
A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields.
CVSS 4.8