CVE-2026-23878 HotCRP vulnerable to exposure of submitted documents

HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents PDFs, attachments associated...

PT-2023-25073 · Chamilo · Chamilo

Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11. up to 1.11.18 Description: The issue allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID, due to incorrect access control. Recommendations: For...