CVE-2026-32930
Chamilo LMS -- IDOR in the gradebook evaluation edit page affects prior to 1.11.38 and 2.0.0-RC.3. Authenticated teachers could view and modify evaluation settings (name, max score, weight) for other courses by manipulating the editeval GET parameter. The issue is fixed in 1.11.38 and 2.0.0-RC.3....