Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2026/04/14 7:22 p.m.7 views

CVE-2026-33703

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the /social-network/personal-data/userId endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId...

7.1CVSS6AI score0.00174EPSS
Exploits0References1
osv
osv
added 2026/04/10 6:23 p.m.4 views

CVE-2026-33703 Chamilo LMS Critical IDOR: Any Authenticated User Can Extract All Users’ Personal Data and API Tokens

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the /social-network/personal-data/userId endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId...

7.1CVSS6AI score0.00174EPSS
Exploits0References3
cve
cve
added 2026/01/16 12:0 a.m.12 views

CVE-2025-69581

Chamillo LMS 1.11.2 has a data exposure flaw on the Social Network /personal_data endpoint due to missing cache-control headers. This allows unauthorized users on the same device to view full sensitive user data after logout (via the browser back button). Root cause: improper cache control. Impac...

5.5CVSS6.1AI score0.00213EPSS
Exploits2References2Affected Software1
vulnrichment
vulnrichment
added 2026/01/16 12:0 a.m.5 views

CVE-2025-69581

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...

6.1AI score0.00213EPSS
Exploits2References2
osv
osv
added 2026/01/16 12:0 a.m.5 views

CVE-2025-69581

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...

5.5CVSS5.5AI score0.00213EPSS
Exploits2References4
Rows per page
Query Builder