open source e-learning & collaboration software
Joined January 2010
- Tweets 54
- Following 6
- Followers 193
- Likes 0
Photos and videos
We have just released version 1.11.38 of Chamilo at record speed, fixing multiple issues, some of them CRITICAL. Notably, one of these was accessible without authentication.
Please update as soon as possible to protect your Chamilo portal and the personal data of your users.
🚨We have received several reports of Chamilo 1.11.* (including 1.11.36) portals getting cracked on the basis of a new unauthenticated RCE vulnerability. It only affects portals with the main/install/ directory. If you still have it, please remove it ASAP! [1/2]
1
35
Security advisories will be published within 2 weeks of today.
7
🚨We have received several reports of Chamilo 1.11.* (including 1.11.36) portals getting cracked on the basis of a new unauthenticated RCE vulnerability. It only affects portals with the main/install/ directory. If you still have it, please remove it ASAP! [1/2]
1
2
77
We are actively working on a fix and will provide a new version for download in the next few hours.
Please also check for scripts like rce_[somenumber].php or up_[some-number].php in your files, and verify configuration.php for any added code like file_put_contents() and remove
1
18
Also make sure database server details at the beginning of app/config/configuration.php are the correct ones, as the file might have been modified.
If you use web services, also update the value of security_key in configuration.php.
14
📢Chamilo 1.11.36 is now available for download. It contains a few more fixes to vulnerabilities of different types (on top of 1.11.34, released recently). Please update your Chamilo platform soon.
chamilo.org/en/download/
2
37
📢Chamilo 1.11.34 is now available for download.
It contains a number of fixes to vulnerabilities of different types, 1 of them CRITICAL.
Please update your Chamilo platform as soon as possible to avoid data loss/theft.
chamilo.org/en/download/
2
2
42
27 Jun 2025
Today, we have released Chamilo 1.11.32, which includes many vulnerability fixes (through 1.11.30). Please update soon. Stay safe.
chamilo.org/en/download/
37
22 Oct 2024
🪂Chamilo 1.11.28 has just landed, with many security fixes. Update today to help secure the Chamilo network. Together, we are stronger! 🚀
chamilo.org/download
1
4
3
97
19 Sep 2024
New reports of vulnerabilities have been appearing since early this week. These vulnerabilities have been addressed (as indicated in the original report by Quarkslab) but they consist of individual patches.
We are working on a 1.11.28 release which includes those fixes.
1
2
48
Chamilo Security retweeted
27 Sep 2023
Chamilo 1.11.26 is out 🥳This version includes highly-recommended security updates and a few improvements on top of the previous version. Please update ASAP to keep your data and servers safe. chamilo.org/download
1
13
10
757
27 Sep 2023
New critical vulnerabilities have been discovered (and fixes are available) in Chamilo 1.11.24. We urge you to update to 1.11.26 ASAP to avoid any issue with user data. Download 1.11.26 from github.com/chamilo/chamilo-l… or check each patch at support.chamilo.org/projects…
1
117
29 Aug 2023
A new vulnerability (IDOR) has been detected, affecting Chamilo 1.11 portals installed or updated since 2017.
Admins are encouraged to use the patch available here support.chamilo.org/projects… (affecting only 2 files for Chamilo 1.11.22) or to update as soon as 1.11.24 is released.
2
2
117
5 Aug 2023
All known vulnerabilities have been patched in this new version. Updating your portal using the standard update procedure (backup, then overwrite files on your existing portal) is the easiest possible way to keep your data and servers safe.
Please take the appropriate action soon
5 Aug 2023
Chamilo 1.11.22 is out 🥳
This version includes highly-recommended security updates and a few improvements on top of the previous version.
Please update ASAP to keep your data and servers safe.
chamilo.org/download
2
2
91
Chamilo Security retweeted
5 Aug 2023
Chamilo 1.11.22 is out 🥳
This version includes highly-recommended security updates and a few improvements on top of the previous version.
Please update ASAP to keep your data and servers safe.
chamilo.org/download
5
6
360
17 Jul 2023
New critical vulnerabilities have been discovered (and fixes are available) in Chamilo 1.11.20. We urge you to apply those pages ASAP, as we race to provide a new version 1.11.22 to allow for an easier update process.
support.chamilo.org/projects…
1
2
1
519
17 Jul 2023
One critical issue only affects Chamilo on Windows servers, while the other further exploits a vulnerable file (main/webservices/additional_webservices.php) which can safely be removed if you don't use the remote PPT converter extension.
1
76
17 Jul 2023
So if you're not on Windows and you've already deleted the additional_webservices.php script, you're already mostly OK 😉
1
68
9 Jun 2023
Hey chamilovers! We have just published 1.11.20, which includes a fix for a critical RCE vulnerability, so please update soon.
We care about u and ur users. Don't let bad guys abuse your Chamilo installation.
As always, the official source is on Github: github.com/chamilo/chamilo-l…
3
2
102
17 Jun 2023
We have received numerous reports of the RCE mentioned above being exploited since past yesterday.
If you cannot update your Chamilo portal safely, please delete the main/webservices/additional_webservices.php file (or block access to it) as a quick fix. Be safe.
1
4
173
17 Jun 2023
This issues affects most previous versions of Chamilo. Version 1.11.20 is safe in that regard.
49