CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/04/15 7:24 p.m.•3 views

CVE-2026-33705

Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files .tpl under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...

5.3CVSS5.8AI score0.00076EPSS

RedhatCVE•added 2026/04/15 7:23 p.m.•3 views

CVE-2026-33698

Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals...

9.8CVSS5.8AI score0.00122EPSS

RedhatCVE•added 2026/04/15 7:23 p.m.•2 views

CVE-2026-32931

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type header to audio/mpeg. The uploaded file retains its...

8.8CVSS5.9AI score0.00279EPSS

RedhatCVE•added 2026/04/13 7:23 p.m.•1 views

CVE-2026-33707

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1$email with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the...

9.8CVSS5.8AI score0.00121EPSS

RedhatCVE•added 2026/04/13 7:23 p.m.•1 views

CVE-2026-31939

Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file feletion. User input from $REQUEST'test' is concatenated directly into filesystem path without canonicalization or traversal checks. This vulnerabilit...

8.3CVSS5.9AI score0.00079EPSS

NVD•added 2026/04/10 7:16 p.m.•1 views

CVE-2026-33704

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user including students can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While .php extensions are...

8.8CVSS0.00305EPSS

NVD•added 2026/04/10 7:16 p.m.•3 views

CVE-2026-33698

9.8CVSS0.00122EPSS

NVD•added 2026/04/10 7:16 p.m.•1 views

CVE-2026-33706

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the updateuserfromusername endpoint. A student status=5 can change their status to Teacher/CourseManager status=1, gaining course creation and management...

7.1CVSS0.00034EPSS

Vulnrichment•added 2026/04/10 7:5 p.m.•0 views

CVE-2026-33737 Chamilo LMS has an XML External Entity (XXE) Injection

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexmlloadstring without XXE protection. With LIBXMLNOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...

5.3CVSS5.9AI score0.00036EPSS

EUVD•added 2026/04/10 7:5 p.m.•1 views

EUVD-2026-21569

5.3CVSS5.9AI score0.00036EPSS

Cvelist•added 2026/04/10 6:59 p.m.•16 views

CVE-2026-33710 Chamilo LMS has Weak REST API Key Generation (Predictable)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5time + userid 5 - rand10000, 10000. The rand10000, 10000 call always returns exactly 10000 min == max, making the formula effectively md5timestamp + userid5 - 10000. An attacker who...

7.5CVSS0.00044EPSS

CVE•added 2026/04/10 6:59 p.m.•4 views

CVE-2026-33710

Chamilo LMS (prior to 1.11.38 and 2.0.0-RC.3) uses REST API keys generated by md5(time() + (user_id * 5) - rand(10000, 10000)). Since rand(10000,10000) always returns 10000, the key becomes md5(timestamp + user_id*5 - 10000), enabling brute-forcing by an attacker who knows a username and approxim...

7.5CVSS5.8AI score0.00044EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/04/10 6:59 p.m.•2 views

CVE-2026-33710 Chamilo LMS has Weak REST API Key Generation (Predictable)

7.5CVSS5.8AI score0.00044EPSS

ATTACKERKB•added 2026/04/10 6:54 p.m.•0 views

CVE-2026-33708

Chamilo LMS is a learning management system. Prior to 1.11.38, the getuserinfofromusername REST API endpoint returns personal information email, first name, last name, user ID, active status of any user to any authenticated user, including students. There is no authorization check. This...

6.5CVSS5.8AI score0.00038EPSS

Exploits0References3Affected Software1

CVE•added 2026/04/10 6:54 p.m.•4 views

CVE-2026-33708

Chamilo LMS exposes PII via the get_user_info_from_username REST endpoint before version 1.11.38. Any authenticated user (including students) can retrieve another user’s email, first name, last name, user ID, and active status due to missing authorization checks. This has been fixed in 1.11.38. R...

6.5CVSS5.8AI score0.00038EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/04/10 6:54 p.m.•16 views

CVE-2026-33708 Chamilo LMS has REST API PII Exposure via get_user_info_from_username

6.5CVSS0.00038EPSS

EUVD•added 2026/04/10 6:54 p.m.•0 views

EUVD-2026-21563

6.5CVSS5.8AI score0.00038EPSS