CVE-2026-33703

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the /social-network/personal-data/userId endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId...

CVE-2025-69581

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...

CVE-2025-69581

Chamillo LMS 1.11.2 has a data exposure flaw on the Social Network /personal_data endpoint due to missing cache-control headers. This allows unauthorized users on the same device to view full sensitive user data after logout (via the browser back button). Root cause: improper cache control. Impac...

CVE-2025-69581

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...