cvebase

Chamilo LMS vulnerabilities

121 known vulnerabilities affecting chamilo/chamilo_lms.

Total CVEs: 121
CISA KEV: 0
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 17 · HIGH 47 · MEDIUM 57

Vulnerabilities

Page 4 of 7

Entry fields: CVE ID · priority · severity · CVSS score · CWE · affected or fixed version · date, followed by the description and the data source.
CVE-2012-4030 · P3 · HIGH · CVSS 7.5 · CWE-20 · fixed in 1.8.8.6 · 2020-01-10
Chamilo before 1.8.8.6 does not adequately handle user-supplied input in the index.php script, which could allow remote attackers to delete arbitrary files.
Source: NVD
CVE-2022-27421 · P3 · HIGH · CVSS 7.2 · CWE-20 · ≤ 1.11.14 · 2022-04-15
Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.
Source: NVD
CVE-2026-32894 · P3 · HIGH · CVSS 7.1 · CWE-476 · fixed in 1.11.38; v2.0.0 · 2026-04-10
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the delete_mark or resultdelete GET parameters. No ownership or course-
Source: NVD
CVE-2026-32930 · P3 · HIGH · CVSS 7.1 · CWE-639 · fixed in 1.11.38; v2.0.0 · 2026-04-10
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook evaluation edit page allows any authenticated teacher to view and modify the settings (name, max score, weight) of evaluations belonging to any other course by manipulating the editeval GET parameter.
Source: NVD
CVE-2026-33703 · P3 · MEDIUM · CVSS 6.5 · CWE-639 · v2.0.0 · 2026-04-10
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the /social-network/personal-data/{userId} endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId parameter. This results in mass disclosure of sensitive
Source: NVD
CVE-2026-34370 · P3 · MEDIUM · CVSS 6.5 · CWE-285 · ≤ 1.11.38; v2.0.0 · 2026-04-14
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating the notebook_id parameter in the editnote action. The
Source: NVD
CVE-2026-33737 · P3 · MEDIUM · CVSS 6.5 · CWE-611 · fixed in 1.11.38; v2.0.0 · 2026-04-10
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string() without XXE protection. With the LIBXML_NOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.
Source: NVD
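The XXE class behind CVE-2026-33737, shown as an added example rather than Chamilo's own code: a constructed payload, a parse call that passes LIBXML_NOENT (the flag the entry names), and a hardened variant that refuses any document carrying a DTD. The function names, the payload and the /etc/hostname path it points at are assumptions for illustration; whether the vulnerable call actually returns file contents depends on the PHP and libxml build, which is why the entry says "with LIBXML_NOENT" rather than "always".

```php
<?php
// Added example, not Chamilo code. Shows why simplexml_load_string() with
// LIBXML_NOENT is an XXE sink (the pattern named in CVE-2026-33737) and one
// way to harden it. Function names and the payload are constructed here.

// Constructed attacker payload: a DTD declaring an external entity that points
// at a local file, then a reference to that entity inside the document body.
$payload = <<<'XML'
<?xml version="1.0"?>
<!DOCTYPE data [
  <!ENTITY xxe SYSTEM "file:///etc/hostname">
]>
<data><name>&xxe;</name></data>
XML;

// Vulnerable pattern: LIBXML_NOENT asks libxml to substitute entities, which
// on an affected PHP/libxml configuration makes it load SYSTEM entities, so
// $doc->name ends up holding the referenced file's contents.
function parseXmlVulnerable(string $xml): ?SimpleXMLElement
{
    libxml_use_internal_errors(true);
    $doc = simplexml_load_string($xml, SimpleXMLElement::class, LIBXML_NOENT);
    libxml_clear_errors();
    return $doc === false ? null : $doc;
}

// Hardened pattern: entities can only be declared inside a DTD, so reject any
// input that carries a DOCTYPE, never pass LIBXML_NOENT, and add LIBXML_NONET
// so libxml cannot reach the network for whatever resolution paths remain.
// Note that LIBXML_NONET alone does not block file:// URIs; the DOCTYPE
// rejection is the control that matters.
function parseXmlHardened(string $xml): ?SimpleXMLElement
{
    if (stripos($xml, '<!DOCTYPE') !== false) {
        return null; // a DTD is never legitimate in this kind of input
    }
    libxml_use_internal_errors(true);
    $doc = simplexml_load_string($xml, SimpleXMLElement::class, LIBXML_NONET);
    libxml_clear_errors();
    return $doc === false ? null : $doc;
}

// Summarise what came back: rejected, accepted with the entity left
// unexpanded (empty text), or accepted with substituted content.
function describeParse(?SimpleXMLElement $doc): string
{
    if ($doc === null) {
        return 'rejected';
    }
    $name = trim((string) $doc->name);
    return $name === '' ? 'accepted (entity not expanded)' : 'accepted: ' . $name;
}

echo 'vulnerable parse: ', describeParse(parseXmlVulnerable($payload)), PHP_EOL;
echo 'hardened parse:   ', describeParse(parseXmlHardened($payload)), PHP_EOL;
```

Run it with the PHP CLI (php xxe_example.php). The same DOCTYPE pre-check applies to DOMDocument::loadXML() and XMLReader, which share libxml's entity handling; the fix for this class is to stop accepting DTDs, not to search for a safer flag combination.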
CVE-2026-33702 · P3 · HIGH · CVSS 7.1 · CWE-639 · fixed in 1.11.38; v2.0.0 · 2026-04-10
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference (IDOR) vulnerability in the Learning Path progress saving endpoint. The file lp_ajax_save_item.php accepts a uid (user ID) parameter directly from $_REQUEST and uses it to load and modify another user's Learning Path p
Source: NVD
CVE-2026-33736 · P3 · MEDIUM · CVSS 6.5 · CWE-639 · v2.0.0 · 2026-04-10
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ROLE_STUDENT) can enumerate all platform users and access personal information (email, phone, roles) via GET /api/users, including administrator accounts. This vulnerability is fixed in 2.0.0-RC.3.
Source: NVD
CVE-2026-33141 · P3 · MEDIUM · CVSS 6.5 · CWE-639 · ≤ 1.11.38; v2.0.0 · 2026-04-10
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the REST API stats endpoint allows any authenticated user (including low-privilege students with ROLE_USER) to read any other user's learning progress, certificates, and gradebook scores for any course, without enrollment or
Source: NVD
CVE-2025-59541 · P3 · HIGH · CVSS 8.1 · CWE-352 · fixed in 1.11.34 · 2026-03-06
Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim's consent. The issue arises because sensitive actions such as project deletion do not implement anti-CSRF protections (tokens) and are reachable through GET-based requests. As a result,
Source: NVD
CVE-2020-23127 · P3 · HIGH · CVSS 8.8 · CWE-352 · v1.11.10 · 2021-05-06
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
Source: NVD
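The two CSRF entries (CVE-2025-59541 and CVE-2020-23127) describe the same weakness: a state-changing action that any third-party page can trigger in the victim's browser, because nothing in the request is bound to the victim's session and, in the first case, a plain GET suffices. The following is an added example, not Chamilo's code; the handler names, the project fixture and the csrf_token field are assumptions.

```php
<?php
// Added example, not Chamilo code. Contrasts the weakness in CVE-2025-59541 and
// CVE-2020-23127 (a state change reachable by a forged request with no token)
// with a handler that requires POST and a per-session token. Names are constructed.

// Vulnerable: a deletion driven by a GET query string. Any page the victim
// visits can fire it with <img src="https://lms/delete?id=7"> while the
// victim's session cookie rides along.
function deleteProjectVulnerable(array $query, array &$projects): bool
{
    $id = (int) ($query['id'] ?? 0);
    if (!isset($projects[$id])) {
        return false;
    }
    unset($projects[$id]);
    return true;
}

// Issue one unguessable token per session, stored server-side and echoed into
// every form as a hidden field. A cross-site page cannot read it.
function csrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hardened: insist on POST (removes the <img>/<a> vector, though a cross-site
// form can still POST, so the method check is not the protection by itself),
// then compare the submitted token in constant time with the session's copy.
// Only a request that passes both may delete anything.
function deleteProjectHardened(string $method, array $post, array $session, array &$projects): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $expected = (string) ($session['csrf_token'] ?? '');
    $given = (string) ($post['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $given)) {
        return false;
    }
    $id = (int) ($post['id'] ?? 0);
    if (!isset($projects[$id])) {
        return false;
    }
    unset($projects[$id]);
    return true;
}

// Constructed fixture: a victim session with a token, and two course projects.
$session = [];
$token = csrfToken($session);
$projects = [7 => 'thesis', 8 => 'lab-report'];

// Forged GET from a third-party page against the vulnerable handler.
echo 'vulnerable, forged GET:  ',
    deleteProjectVulnerable(['id' => 7], $projects) ? 'deleted' : 'refused', PHP_EOL;

// The same forgery against the hardened handler: wrong method, then a guessed
// token, then finally the genuine form submission carrying the session token.
echo 'hardened, forged GET:    ',
    deleteProjectHardened('GET', ['id' => 8], $session, $projects) ? 'deleted' : 'refused', PHP_EOL;
echo 'hardened, guessed token: ',
    deleteProjectHardened('POST', ['id' => 8, 'csrf_token' => 'guess'], $session, $projects) ? 'deleted' : 'refused', PHP_EOL;
echo 'hardened, genuine form:  ',
    deleteProjectHardened('POST', ['id' => 8, 'csrf_token' => $token], $session, $projects) ? 'deleted' : 'refused', PHP_EOL;
```

Run with php csrf_example.php. In a real deployment the token check belongs in one place (a middleware or the form library) rather than per handler, and setting the session cookie with SameSite=Lax or Strict adds a browser-side layer that stops most cross-site form posts even where a token check was forgotten.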
CVE-2026-33708 · P3 · MEDIUM · CVSS 6.5 · CWE-862 · fixed in 1.11.38 · 2026-04-10
Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST API endpoint returns personal information (email, first name, last name, user ID, active status) of any user to any authenticated user, including students. There is no authorization check. This vulnerability is fixed in 1.11.38.
Source: NVD
CVE-2026-1106 · P3 · MEDIUM · CVSS 5.4 · CWE-266 · fixed in 2.0.0; v2.0.0 · 2026-01-18
A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. It affects the function deleteLegal in the file src/CoreBundle/Controller/SocialController.php of the Legal Consent Handler component. Manipulating the userId argument results in improper authorization. The attack can be carried out remotely. The
Source: NVD
CVE-2019-1000017 · P3 · MEDIUM · CVSS 6.5 · CWE-862 · ≤ 1.11.8 · 2019-02-04
Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in the Tickets component that can allow an authenticated user to read all tickets available on the platform, due to a lack of access controls. This attack appears to be exploitable via ticket_id=[ticket number]. This vulnerability appears to have bee
Source: NVD
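The IDOR and missing-authorization entries on this page (CVE-2026-32894, CVE-2026-32930, CVE-2026-33703, CVE-2026-34370, CVE-2026-33702, CVE-2026-33736, CVE-2026-33141, CVE-2026-33708, CVE-2026-1106 and CVE-2019-1000017) share one shape: an object or user identifier arrives in the request (a uid from $_REQUEST, a notebook_id, an editeval value, a {userId} path segment, a ticket_id) and is used to load or modify the object without asking whether the caller may touch it. The following is an added example, not Chamilo's code, built around the lp_ajax_save_item.php case: it contrasts the trusting pattern with a handler that takes the actor from the session and authorizes the target against course membership. The course/progress data model, the function names and the course_id parameter are assumptions; only the uid parameter name comes from the page.

```php
<?php
// Added example, not Chamilo code. The IDOR entries above share one shape: an ID
// taken straight from the request selects whose data is read or written. This
// contrasts that with a handler that derives the actor from the session and
// authorizes the target. Data model and names are constructed for illustration.

// Constructed fixture: who teaches and who studies which course, plus each
// student's learning-path progress.
$courses = [
    101 => ['teachers' => [1], 'students' => [10, 11]],
    202 => ['teachers' => [2], 'students' => [12]],
];
$progress = [10 => ['lp' => 40], 11 => ['lp' => 10], 12 => ['lp' => 90]];

// Vulnerable: trusts uid from the request, so student 10 can submit uid=12 and
// overwrite another user's progress, exactly the CVE-2026-33702 pattern.
function saveProgressVulnerable(array $request, array &$progress): void
{
    $uid = (int) $request['uid'];
    $progress[$uid]['lp'] = (int) $request['score'];
}

// Authorization rule for writing $target's progress in $courseId:
//  - the user themself, provided they are enrolled in that course;
//  - a teacher of that same course (not of any course on the platform).
function canWriteProgress(int $actor, int $target, int $courseId, array $courses): bool
{
    $course = $courses[$courseId] ?? null;
    if ($course === null) {
        return false;
    }
    if ($actor === $target) {
        return in_array($target, $course['students'], true);
    }
    return in_array($actor, $course['teachers'], true)
        && in_array($target, $course['students'], true);
}

// Hardened: the actor is the session identity. A uid in the request is a claim
// about the target that must pass canWriteProgress(); it never becomes the
// identity. Defaulting the target to the actor keeps the common case simple.
function saveProgressHardened(array $request, array $session, array $courses, array &$progress): bool
{
    $actor = (int) $session['user_id'];
    $target = isset($request['uid']) ? (int) $request['uid'] : $actor;
    $courseId = (int) ($request['course_id'] ?? 0);
    if (!canWriteProgress($actor, $target, $courseId, $courses)) {
        return false; // the web layer would answer HTTP 403 here
    }
    $progress[$target]['lp'] = (int) $request['score'];
    return true;
}

// Student 10 forging uid=12 (a student of a course 10 is not in).
saveProgressVulnerable(['uid' => 12, 'score' => 0], $progress);
echo 'vulnerable: user 12 progress is now ', $progress[12]['lp'], PHP_EOL;
$progress[12]['lp'] = 90; // reset the fixture

$ok = saveProgressHardened(['uid' => 12, 'course_id' => 202, 'score' => 0], ['user_id' => 10], $courses, $progress);
echo 'hardened, student 10 -> user 12:              ', $ok ? 'written' : 'refused', PHP_EOL;
$ok = saveProgressHardened(['course_id' => 101, 'score' => 45], ['user_id' => 10], $courses, $progress);
echo 'hardened, student 10 -> self:                 ', $ok ? 'written' : 'refused', PHP_EOL;
$ok = saveProgressHardened(['uid' => 11, 'course_id' => 101, 'score' => 55], ['user_id' => 1], $courses, $progress);
echo 'hardened, teacher 1 -> student 11 (own course): ', $ok ? 'written' : 'refused', PHP_EOL;
$ok = saveProgressHardened(['uid' => 12, 'course_id' => 202, 'score' => 55], ['user_id' => 1], $courses, $progress);
echo 'hardened, teacher 1 -> student 12 (other course): ', $ok ? 'written' : 'refused', PHP_EOL;
```

Run with php idor_example.php. The same rule, with "read" in place of "write", is what the personal-data, notebook, stats and ticket endpoints listed above lacked: checking that the caller is authenticated says nothing about which objects they may reach, and a teacher role that is global rather than course-scoped is what let CVE-2026-32894 and CVE-2026-32930 cross course boundaries.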
CVE-2024-27524 · P4 · HIGH · CVSS 7.1 · CWE-79 · v1.11.26 · 2024-11-01
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component.
Source: NVD
CVE-2026-33705 · P4 · MEDIUM · CVSS 5.3 · CWE-538 · fixed in 1.11.38 · 2026-04-10
Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel structure. This vulnerability is fixed in 1.11.38.
Source: NVD
CVE-2025-52564 · P4 · MEDIUM · CVSS 6.1 · CWE-80 · fixed in 1.11.30 · 2026-03-02
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30.
Source: NVD
CVE-2026-34161 · P4 · MEDIUM · CVSS 5.4 · CWE-79 · ≤ 1.11.38; v2.0.0 · 2026-04-14
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the /api/social_post_attachments endpoint. The uploaded file is se
Source: NVD
CVE-2024-50337 · P4 · MEDIUM · CVSS 5.3 · CWE-918 · fixed in 1.11.28 · 2026-03-02
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on the server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28.
Source: NVD