Search Results | AttackerKB

Show filters

Topics 3 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

3 Total Results

Displaying 1-3 of 3

Attacker Value

Unknown

CVE-2013-0738

Disclosure Date: January 30, 2020 (last updated February 21, 2025)

Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2013-0739

Disclosure Date: January 30, 2020 (last updated February 21, 2025)

Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2013-6787

Disclosure Date: December 05, 2013 (last updated October 05, 2023)

SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.

0