571 matches found
CVE-2026-35196
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the exportallcertificates action, where the course code retrieved from the session variable $SESSION'cid'...
CVE-2026-34602 Chamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Users into Courses
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/courserelusers endpoint is vulnerable to Insecure Direct Object Reference IDOR, allowing an authenticated attacker to modify the user parameter in the request body to enroll any arbitrary user into...
Chamilo 代码问题漏洞
Chamilo is an open-source learning management system developed by Chamilo. Version Chamilo 2.0-RC.2 has code vulnerabilities. These vulnerabilities stem from the fact that the install.ajax.php file can be accessed without authentication. This could allow unauthorized attackers to exploit the SMTP...
CVE-2026-33710
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5time + userid 5 - rand10000, 10000. The rand10000, 10000 call always returns exactly 10000 min == max, making the formula effectively md5timestamp + userid5 - 10000. An attacker who...
CVE-2026-33737
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexmlloadstring without XXE protection. With LIBXMLNOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...
CVE-2026-33708 Chamilo LMS has REST API PII Exposure via get_user_info_from_username
Chamilo LMS is a learning management system. Prior to 1.11.38, the getuserinfofromusername REST API endpoint returns personal information email, first name, last name, user ID, active status of any user to any authenticated user, including students. There is no authorization check. This...
EUVD-2026-21561
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1$email with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the...
CVE-2026-33706 Chamilo LMS has a REST API Self-Privilege Escalation (Student → Teacher)
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the updateuserfromusername endpoint. A student status=5 can change their status to Teacher/CourseManager status=1, gaining course creation and management...
CVE-2026-33703
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the /social-network/personal-data/userId endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId...
CVE-2025-66447
Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0-beta.2...
CVE-2026-32931
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type header to audio/mpeg. The uploaded file retains its...
EUVD-2025-209408
Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0-beta.2...
Chamilo LMS 输入验证错误漏洞
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS from 1.11.0 to 2.0-beta.1 contain a vulnerability related to input validation errors. Th...
Chamilo LMS 安全漏洞
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.38 and 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilitie...
CVE-2026-39415 Frappe Learning Management System has Client-Side Manipulation of Quiz Scores
Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...
EUVD-2026-19040
A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function addlesson of the file /application/models/Crudmodel.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and ma...
CVE-2026-5546 Campcodes Complete Online Learning Management System Crud_model.php add_lesson unrestricted upload
A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function addlesson of the file /application/models/Crudmodel.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and ma...
CampCodes Complete Online Learning Management System 代码问题漏洞
CampCodes Complete Online Learning Management System is an online learning system developed by the Philippine company CampCodes. Version 1.0 of the Campcodes Complete Online Learning Management System has a code vulnerability. This vulnerability stems from improper upload restrictions in the...
CVE-2026-34606
Frappe Learning Management System LMS is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0...
Frappe Learning Management System 跨站脚本漏洞
Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System from 2.27.0 to 2.48.0 had a cross-site scripting vulnerability, which originated from a stored-cross-site scripting vulnerability...