chamilo

Top products

The 15 most recently published vulnerabilities affecting chamilo.

• CVE-2026-40291Chamilo LMS has Privilege Escalation via API User Role Modification8.8Apr 14, 2026
• CVE-2026-35196Chamilo LMS has OS Command Injection via export_all_certificates action8.8Apr 14, 2026
• CVE-2026-34602Chamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Users into Courses7.1Apr 14, 2026
• CVE-2026-34370Chamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private notes6.5Apr 14, 2026
• CVE-2026-34161Chamilo LMS: Stored XSS via Malicious File Upload in Social Post Attachments Leads to Arbitrary JavaScript Execution5.4Apr 14, 2026
• CVE-2026-34160Chamilo LMS: Unauthenticated SSRF via PENS Plugin allows attacker to probe internal network and reach cloud metadata services8.6Apr 14, 2026
• CVE-2026-33715Chamilo LMS has Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action7.2Apr 14, 2026
• CVE-2026-33714Chamilo LMS has Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2)7.2Apr 14, 2026
• CVE-2026-33737Chamilo LMS has an XML External Entity (XXE) Injection5.3Apr 10, 2026
• CVE-2026-33736Chamilo LMS has an Insecure Direct Object Reference (IDOR) - User Data Exposure6.5Apr 10, 2026
• CVE-2026-33710Chamilo LMS has Weak REST API Key Generation (Predictable)7.5Apr 10, 2026
• CVE-2026-33708Chamilo LMS has REST API PII Exposure via get_user_info_from_username6.5Apr 10, 2026
• CVE-2026-33707Weak Password Recovery Mechanism for Forgotten Password in chamilo/chamilo-lms9.4Apr 10, 2026
• CVE-2026-33706Chamilo LMS has a REST API Self-Privilege Escalation (Student → Teacher)7.1Apr 10, 2026
• CVE-2026-33705Chamilo LMS has unauthenticated access to Twig template source files exposes application logic5.3Apr 10, 2026