Lucene search
K

4 matches found

NVD
NVD
added 2026/04/10 7:16 p.m.4 views

CVE-2026-33706

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the updateuserfromusername endpoint. A student status=5 can change their status to Teacher/CourseManager status=1, gaining course creation and management...

7.1CVSS0.00168EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/10 6:32 p.m.3 views

CVE-2026-33705 Chamilo LMS has unauthenticated access to Twig template source files exposes application logic

Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files .tpl under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...

5.3CVSS5.8AI score0.00245EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/10 6:30 p.m.2 views

CVE-2026-33704 Chamilo LMS Affected by Authenticated Arbitrary File Write via BigUpload endpoint

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user including students can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While .php extensions are...

7.1CVSS6AI score0.0042EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 5:32 p.m.4 views

CVE-2026-31939

Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file feletion. User input from $REQUEST'test' is concatenated directly into filesystem path without canonicalization or traversal checks. This vulnerabilit...

8.3CVSS5.9AI score0.0035EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder