CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/14 9:0 p.m.•14 views

CVE-2026-33714 Chamilo LMS has Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2)

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

7.1CVSS0.00044EPSS

Positive Technologies•added 2026/04/14 12:0 a.m.•0 views

PT-2026-32936

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the export all certificates action, where the course code retrieved from the session variable $ SESSION'...

8.8CVSS6.2AI score0.00261EPSS

Exploits1References6

NVD•added 2026/04/10 7:16 p.m.•1 views

CVE-2026-33704

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user including students can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While .php extensions are...

8.8CVSS0.00305EPSS

NVD•added 2026/04/10 7:16 p.m.•1 views

CVE-2026-33706

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the updateuserfromusername endpoint. A student status=5 can change their status to Teacher/CourseManager status=1, gaining course creation and management...

7.1CVSS0.00034EPSS

ATTACKERKB•added 2026/04/10 6:32 p.m.•0 views

CVE-2026-33705

Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files .tpl under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...

5.3CVSS5.8AI score0.00076EPSS

Cvelist•added 2026/04/10 6:32 p.m.•17 views

CVE-2026-33705 Chamilo LMS has unauthenticated access to Twig template source files exposes application logic

5.3CVSS0.00076EPSS

NVD•added 2026/04/10 6:16 p.m.•2 views

CVE-2026-33141

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the REST API stats endpoint allows any authenticated user including low-privilege students with ROLEUSER to read any other user's learning progress, certificates, and...

6.5CVSS0.00023EPSS

ATTACKERKB•added 2026/04/10 6:1 p.m.•2 views

CVE-2026-33141

6.5CVSS5.8AI score0.00023EPSS

EUVD•added 2026/04/10 5:56 p.m.•1 views

EUVD-2026-21524

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move function in fileManage.lib.php passes user-controlled path values directly into exec shell commands without using...

9.1CVSS6.1AI score0.00095EPSS

Cvelist•added 2026/04/10 5:50 p.m.•21 views

CVE-2026-32931 Chamilo LMS has Arbitrary File Upload via MIME-Only Validation in Exercise Sound Upload Leads to RCE

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type header to audio/mpeg. The uploaded file retains its...

7.5CVSS0.00279EPSS

EUVD•added 2026/04/10 5:44 p.m.•0 views

EUVD-2026-21527

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...

7.1CVSS5.8AI score0.00039EPSS

Exploits1References3

ATTACKERKB•added 2026/04/10 5:42 p.m.•0 views

CVE-2026-32893

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting XSS vulnerability in the exercise question list admin panel allows an attacker to execute arbitrary JavaScript in an authenticated teacher's browser. The pagination code merges all $GET parameters v...

5.4CVSS6.1AI score0.00035EPSS

CVE•added 2026/04/10 5:42 p.m.•6 views

CVE-2026-32893

CVE-2026-32893 : Chamilo LMS is vulnerable to a reflected XSS in the exercise question list pagination. Before 2.0.0-RC.3, the pagination code merges all GET parameters with array_merge() and injects http_build_query() output into HTML href attributes without htmlspecialchars(), allowing an authe...

5.4CVSS6.1AI score0.00035EPSS

Exploits0References2Affected Software1

EUVD•added 2026/04/10 5:32 p.m.•1 views

EUVD-2026-21521

Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file feletion. User input from $REQUEST'test' is concatenated directly into filesystem path without canonicalization or traversal checks. This vulnerabilit...

8.3CVSS5.9AI score0.00079EPSS

CVE•added 2026/04/10 5:32 p.m.•3 views

CVE-2026-31939

Chamilo LMS prior to 1.11.38 is affected by a path traversal vulnerability in main/exercise/savescores.php that allows arbitrary file deletion via user input from $_REQUEST['test'], concatenated into a filesystem path without canonicalization or traversal checks. The issue is fixed in version 1.1...

8.3CVSS5.9AI score0.00079EPSS

ATTACKERKB•added 2026/04/10 5:22 p.m.•2 views

CVE-2025-66447

Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0-beta.2...

5.8AI score0.00037EPSS