Chamilo Vulnerabilities
Comprehensive security vulnerability database for Chamilo products
2
1
1
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2025-50186 | 4.8 | An attacker can upload a specially crafted CSV file that contains malicious code, which can then execute JavaScript when viewed by administrators or users who can access import logs. This vulnerability affects versions prior to 1.11.30 and relies on the attacker being able to upload files with unsafe names. | chamilochamilo lms | Exploit Available | about 1 month agoMar 2, 2026 |
| CVE-2024-50337 | 5.3 | This vulnerability allows an attacker to trick the Chamilo learning management system into making requests to any URL on the server's behalf, potentially exposing sensitive information. It affects versions prior to 1.11.28 and requires no authentication, making it easier for attackers to exploit. | chamilochamilo lms | Theoretical | about 1 month agoMar 2, 2026 |
About Chamilo Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Chamilo products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.