Lucene search
+L

674 matches found

NVD
NVD
added 2026/04/10 6:16 p.m.4 views

CVE-2026-32932

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks th...

6.1CVSS0.00178EPSS
Exploits0References3
NVD
NVD
added 2026/04/10 6:16 p.m.4 views

CVE-2026-32894

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...

7.1CVSS0.0028EPSS
Exploits1References3
NVD
NVD
added 2026/04/10 6:16 p.m.7 views

CVE-2026-31939

Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file feletion. User input from $REQUEST'test' is concatenated directly into filesystem path without canonicalization or traversal checks. This vulnerabilit...

8.3CVSS0.0035EPSS
Exploits0References3
NVD
NVD
added 2026/04/10 6:16 p.m.4 views

CVE-2026-31941

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery SSRF vulnerability in the Social Wall feature. The endpoint readurlwithopengraph accepts a URL from the user via the socialwallnewmsgmain POST parameter and performs tw...

7.7CVSS0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/10 6:15 p.m.21 views

CVE-2026-33702 Chamilo LMS has an Insecure Direct Object Reference (IDOR)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference IDOR vulnerability in the Learning Path progress saving endpoint. The file lpajaxsaveitem.php accepts a uid user ID parameter directly from $REQUEST and uses it t...

7.1CVSS0.00238EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/10 6:15 p.m.3 views

CVE-2026-33702 Chamilo LMS has an Insecure Direct Object Reference (IDOR)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference IDOR vulnerability in the Learning Path progress saving endpoint. The file lpajaxsaveitem.php accepts a uid user ID parameter directly from $REQUEST and uses it t...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/10 6:15 p.m.4 views

CVE-2026-33702

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference IDOR vulnerability in the Learning Path progress saving endpoint. The file lpajaxsaveitem.php accepts a uid user ID parameter directly from $REQUEST and uses it t...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/10 6:15 p.m.3 views

EUVD-2026-21541

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference IDOR vulnerability in the Learning Path progress saving endpoint. The file lpajaxsaveitem.php accepts a uid user ID parameter directly from $REQUEST and uses it t...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References3
OSV
OSV
added 2026/04/10 6:15 p.m.3 views

CVE-2026-33702 Chamilo LMS has an Insecure Direct Object Reference (IDOR)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference IDOR vulnerability in the Learning Path progress saving endpoint. The file lpajaxsaveitem.php accepts a uid user ID parameter directly from $REQUEST and uses it t...

7.1CVSS6AI score0.00238EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/10 6:14 p.m.3 views

CVE-2026-33698

Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals...

9.3CVSS5.8AI score0.00321EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/10 6:10 p.m.8 views

EUVD-2026-21537

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray method uses PHP's eval to parse platform settings from the database. An attacker with admin access obtainable via Advisory 1 can inject arbitrary PHP code into the settings,...

8.8CVSS6AI score0.00319EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/10 6:10 p.m.3 views

CVE-2026-33618 Chamilo LMS Affected by Remote Code Execution via eval() in Platform Settings

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray method uses PHP's eval to parse platform settings from the database. An attacker with admin access obtainable via Advisory 1 can inject arbitrary PHP code into the settings,...

8.8CVSS6AI score0.00319EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 6:10 p.m.2 views

CVE-2026-33618

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray method uses PHP's eval to parse platform settings from the database. An attacker with admin access obtainable via Advisory 1 can inject arbitrary PHP code into the settings,...

8.8CVSS6AI score0.00319EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/10 6:10 p.m.29 views

CVE-2026-33618 Chamilo LMS Affected by Remote Code Execution via eval() in Platform Settings

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray method uses PHP's eval to parse platform settings from the database. An attacker with admin access obtainable via Advisory 1 can inject arbitrary PHP code into the settings,...

8.8CVSS0.00319EPSS
Exploits0References2
OSV
OSV
added 2026/04/10 6:10 p.m.3 views

CVE-2026-33618 Chamilo LMS Affected by Remote Code Execution via eval() in Platform Settings

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray method uses PHP's eval to parse platform settings from the database. An attacker with admin access obtainable via Advisory 1 can inject arbitrary PHP code into the settings,...

8.8CVSS6.1AI score0.00319EPSS
Exploits0References4
OSV
OSV
added 2026/04/10 6:1 p.m.3 views

CVE-2026-33141 Chamilo LMS has an IDOR in REST API Stats Endpoint Exposes Any User's Learning Data

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the REST API stats endpoint allows any authenticated user including low-privilege students with ROLEUSER to read any other user's learning progress, certificates, and...

6.5CVSS6AI score0.00141EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/10 5:56 p.m.30 views

CVE-2026-32892 OS Command Injection in Chamilo LMS 1.11.36

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move function in fileManage.lib.php passes user-controlled path values directly into exec shell commands without using...

9.1CVSS0.01527EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/10 5:56 p.m.2 views

CVE-2026-32892

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move function in fileManage.lib.php passes user-controlled path values directly into exec shell commands without using...

9.1CVSS6.1AI score0.01527EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/10 5:56 p.m.22 views

CVE-2026-32892

CVE-2026-32892 affects Chamilo LMS before 1.11.38 and 2.0.0-RC.3. The vulnerability is an OS command injection in the move() function of fileManage.lib.php, where user-controlled path values are concatenated into shell commands (e.g., exec("mv $source $target")) without escaping. The move_to POST...

9.1CVSS6.1AI score0.01527EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/10 5:51 p.m.15 views

EUVD-2026-21534

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks th...

4.7CVSS5.9AI score0.00178EPSS
Exploits0References3
Rows per page
Query Builder