22 matches found
CVE-2026-31941
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via the social_wall_new_msg_main POST parameter and performs tw...
CVE-2026-31941
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via the social_wall_new_msg_main POST parameter and performs tw...
CVE-2026-31941 Server-Side Request Forgery (SSRF) in Chamilo LMS
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via the social_wall_new_msg_main POST parameter and performs tw...
CVE-2026-31941 Server-Side Request Forgery (SSRF) in Chamilo LMS
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via the social_wall_new_msg_main POST parameter and performs tw...
EUVD-2026-21523
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via the social_wall_new_msg_main POST parameter and performs tw...
CVE-2026-31941
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via the social_wall_new_msg_main POST parameter and performs tw...
CVE-2026-31941
Chamilo LMS prior to versions 1.11.38 and 2.0.0-RC.3 is affected by a Server-Side Request Forgery (SSRF) in the Social Wall feature. The read_url_with_open_graph endpoint accepts a user-supplied URL via the social_wall_new_msg_main POST parameter and performs two server-side HTTP requests without...
PT-2026-32001
Name of the Vulnerable Software and Affected Versions: Chamilo LMS versions prior to 1.11.38 and prior to 2.0.0-RC.3 Description: Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The /read_url_with_open_graph endpoint accepts a URL from the user via...
Chamilo LMS Code Issue Vulnerability
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.38 and 2.0.0-RC.3 contained code vulnerabilities. These vulnerabilities...
WordPress GC Social Wall Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress GC Social Wall, which stems from insufficient input cleanup and output escaping, and can be exploited by an attacke...
CVE-2025-5564 GC Social wall <= 1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
The GC Social Wall plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gcsocialwall' shortcode in all versions up to, and including, 1.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
WordPress GC Social wall plugin <= 1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin GC Social Wall versions <= 1.15...
PT-2025-26917 · WordPress · Gc Social Wall
Name of the Vulnerable Software and Affected Versions: GC Social Wall plugin for WordPress versions up to, and including, 1.15 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gc social wall' shortcode due to insufficient input sanitization and output escaping on...
WordPress plugin GC Social Wall Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress GC Social Wall, which stems from insufficient input cleanup and output escaping, and can be exploited by an attacke...
CVE-2024-30617
A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php" allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge...
Chamilo LMS Security Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.26, which stems...
CVE-2024-30617
Chamilo LMS 1.11.26 is affected by a Cross-Site Request Forgery (CSRF) vulnerability affecting the /main/social/home.php endpoint, enabling an attacker to cause a user to post a fake update on their social wall without consent. The issue is documented across multiple feeds (NVD, Red Hat, OSV) wit...
CVE-2024-30617
A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php" allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge...
Chamilo LMS Insecure Direct Object Reference
Document Title: =============== Chamilo LMS IDOR - messageId Delete POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Release Date: ============= 2016-02-15 Vulnerability...
Chamilo LMS IDOR - messageId Delete POST Injection
Chamilo LMS IDOR - messageId Delete POST Injection Document Title: =============== Chamilo LMS IDOR - messageId Delete POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Relea...