57 matches found
CVE-2026-31939
Chamilo LMS prior to 1.11.38 is affected by a path traversal vulnerability in main/exercise/savescores.php that allows arbitrary file deletion via user input from $_REQUEST['test'], concatenated into a filesystem path without canonicalization or traversal checks. The issue is fixed in version 1.1...
CVE-2026-33708
Chamilo LMS exposes PII via the get_user_info_from_username REST endpoint before version 1.11.38. Any authenticated user (including students) can retrieve another user’s email, first name, last name, user ID, and active status due to missing authorization checks. This has been fixed in 1.11.38. R...
CVE-2025-50190
CVE-2025-50190 affects Chamilo LMS (pre-1.11.30) via an error-based SQL injection in the index.php script, triggered by the GET parameter openid.assoc_handle. Public sources confirm vulnerable versions prior to 1.11.30 and indicate a patch in 1.11.30. Connected reports (CNVD/CIRCL/NVD/OSV, etc.) ...
CVE-2025-52475
CVE-2025-52475 affects Chamilo LMS before 1.11.30. A reflected XSS exists in the admin/user_list.php endpoint where the keyword_inactive parameter is not properly sanitized, allowing an attacker to inject JavaScript via a crafted URL. The issue is patched in version 1.11.30. No exploitation detai...
CVE-2026-33705
CVE-2026-33705 affects Chamilo LMS. Prior to 1.11.38, Twig template files under /main/template/default/ were accessible without authentication via HTTP GET, exposing internal application logic, variable names, AJAX endpoint URLs, and admin panel structure. The issue is fixed in 1.11.38. Reported ...
CVE-2025-52482
CVE-2025-52482 affects Chamilo LMS prior to version 1.11.30, with a stored XSS vulnerability in the glossary function. The issue allows users with the Teachers role to inject JavaScript against the administrator via the glossary/trigger paths (e.g., /main/glossary/index.php and related tracking r...
CVE-2026-30876
Chamilo LMS before version 1.11.36 is vulnerable to user enumeration via login response (valid vs invalid usernames). The issue has been fixed in 1.11.36. CVSS‑4.0 metrics indicate Network attack vector, Low confidentiality impact, and a Medium overall severity (6.3).