CVE-2026-33714

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

CVE-2026-33714 Chamilo LMS has Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2)

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

CVE-2026-33714

Chamilo LMS versions 2.0.0-RC.2 are affected by a SQL injection in the statistics AJAX endpoint (public/main/inc/ajax/statistics.ajax.php) where unsanitized parameters date_start and date_end in the users_active action interpolate into SQL. This follows an incomplete fix for CVE-2026-30881, which...

CVE-2026-33714 Chamilo LMS has Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2)

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

PT-2026-32914

CVE-2026-33714 Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an inc… https://t.co/Zf7eLCVgfW...