Lucene search
+L

4 matches found

attackerkb
attackerkb
added 2026/04/10 6:1 p.m.4 views

CVE-2026-33141

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the REST API stats endpoint allows any authenticated user including low-privilege students with ROLEUSER to read any other user's learning progress, certificates, and...

6.5CVSS5.8AI score0.00141EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/04/10 6:1 p.m.31 views

CVE-2026-33141 Chamilo LMS has an IDOR in REST API Stats Endpoint Exposes Any User's Learning Data

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the REST API stats endpoint allows any authenticated user including low-privilege students with ROLEUSER to read any other user's learning progress, certificates, and...

6.5CVSS0.00141EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/10 6:1 p.m.4 views

CVE-2026-33141 Chamilo LMS has an IDOR in REST API Stats Endpoint Exposes Any User's Learning Data

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the REST API stats endpoint allows any authenticated user including low-privilege students with ROLEUSER to read any other user's learning progress, certificates, and...

6.5CVSS5.8AI score0.00141EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/10 12:0 a.m.6 views

PT-2026-32012

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 2.0.0-RC.3 Description Chamilo LMS, a learning management system, contains an Insecure Direct Object Reference IDOR vulnerability in the REST API stats endpoint. This allows any authenticated user, even those with...

6.5CVSS5.8AI score0.00141EPSS
Exploits0References5
Rows per page
Query Builder