Lucene search
+L

674 matches found

Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.4 views

PT-2026-32939

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an insecure direct object modification vulnerability in the PUT /api/users/id endpoint allows any authenticated user with ROLE STUDENT to escalate their privileges to ROLE ADMIN by modifying the roles field...

8.8CVSS5.9AI score0.00316EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilities stemmed fr...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.15 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilities stemmed fr...

8.8CVSS5.9AI score0.00316EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.13 views

PT-2026-32916

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS Package Exchange Notification Services plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetche...

8.6CVSS5.7AI score0.00344EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.6 views

CVE-2026-33737

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexmlloadstring without XXE protection. With LIBXMLNOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...

6.5CVSS5.9AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.4 views

CVE-2026-32932

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks th...

6.1CVSS5.9AI score0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.5 views

CVE-2026-32894

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...

7.1CVSS5.8AI score0.0028EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.8 views

CVE-2026-33702

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference IDOR vulnerability in the Learning Path progress saving endpoint. The file lpajaxsaveitem.php accepts a uid user ID parameter directly from $REQUEST and uses it t...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.7 views

CVE-2026-33710

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5time + userid 5 - rand10000, 10000. The rand10000, 10000 call always returns exactly 10000 min == max, making the formula effectively md5timestamp + userid5 - 10000. An attacker who...

7.5CVSS5.8AI score0.00288EPSS
Exploits0References1
NVD
NVD
added 2026/04/10 7:16 p.m.5 views

CVE-2026-33708

Chamilo LMS is a learning management system. Prior to 1.11.38, the getuserinfofromusername REST API endpoint returns personal information email, first name, last name, user ID, active status of any user to any authenticated user, including students. There is no authorization check. This...

6.5CVSS0.00209EPSS
Exploits0References2
NVD
NVD
added 2026/04/10 7:16 p.m.10 views

CVE-2026-33698

Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals...

9.8CVSS0.00321EPSS
Exploits0References2
NVD
NVD
added 2026/04/10 7:16 p.m.8 views

CVE-2026-33703

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the /social-network/personal-data/userId endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId...

7.1CVSS0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/10 7:5 p.m.21 views

CVE-2026-33737 Chamilo LMS has an XML External Entity (XXE) Injection

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexmlloadstring without XXE protection. With LIBXMLNOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...

5.3CVSS0.0022EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/10 7:5 p.m.1 views

CVE-2026-33737 Chamilo LMS has an XML External Entity (XXE) Injection

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexmlloadstring without XXE protection. With LIBXMLNOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...

5.3CVSS5.9AI score0.0022EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/10 7:5 p.m.4 views

EUVD-2026-21569

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexmlloadstring without XXE protection. With LIBXMLNOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...

5.3CVSS5.9AI score0.0022EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/10 7:3 p.m.19 views

CVE-2026-33736 Chamilo LMS has an Insecure Direct Object Reference (IDOR) - User Data Exposure

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user including ROLESTUDENT can enumerate all platform users and access personal information email, phone, roles via GET /api/users, including administrator accounts. This vulnerability is fixed in 2.0.0-RC.3...

6.5CVSS0.00209EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/10 7:3 p.m.2 views

CVE-2026-33736 Chamilo LMS has an Insecure Direct Object Reference (IDOR) - User Data Exposure

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user including ROLESTUDENT can enumerate all platform users and access personal information email, phone, roles via GET /api/users, including administrator accounts. This vulnerability is fixed in 2.0.0-RC.3...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 7:3 p.m.2 views

CVE-2026-33736

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user including ROLESTUDENT can enumerate all platform users and access personal information email, phone, roles via GET /api/users, including administrator accounts. This vulnerability is fixed in 2.0.0-RC.3...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/10 7:3 p.m.4 views

EUVD-2026-21567

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user including ROLESTUDENT can enumerate all platform users and access personal information email, phone, roles via GET /api/users, including administrator accounts. This vulnerability is fixed in 2.0.0-RC.3...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References2
CVE
CVE
added 2026/04/10 7:3 p.m.20 views

CVE-2026-33736

Chamilo LMS prior to version 2.0.0-RC.3 is affected by an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user (including ROLE_STUDENT) to enumerate all platform users and retrieve personal information (email, phone, roles) via GET /api/users, potentially expos...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder