CVSS3.1: 4.7

CVE-2026-32932 - Chamilo LMS has an Open Redirect via Unvalidated 'page' Parameter in Session Course Edit

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks the …

📅 Published: April 10, 2026, 5:51 p.m. 🔄 Last Modified: April 10, 2026, 5:51 p.m.

CVSS3.1: 7.5

CVE-2026-32931 - Chamilo LMS has Arbitrary File Upload via MIME-Only Validation in Exercise Sound Upload Leads to RCE

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type header to audio/mpeg. The uploaded file retains its ori…

📅 Published: April 10, 2026, 5:50 p.m. 🔄 Last Modified: April 10, 2026, 5:50 p.m.

CVSS3.1: 7.1

CVE-2026-32930 - Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Evaluation Edit Without Ownership Check

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook evaluation edit page allows any authenticated teacher to view and modify the settings (name, max score, weight) of evaluations belonging to any oth…

📅 Published: April 10, 2026, 5:48 p.m. 🔄 Last Modified: April 10, 2026, 5:48 p.m.

CVSS3.1: 7.1

CVE-2026-32894 - Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Deletion of Any Student's Grade Result

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the delete_mark o…

📅 Published: April 10, 2026, 5:44 p.m. 🔄 Last Modified: April 10, 2026, 5:44 p.m.

CVSS3.1: 5.4

CVE-2026-32893 - Chamilo LMS has Reflected XSS via Unsanitized http_build_query() in Exercise Question List Paginati…

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting (XSS) vulnerability in the exercise question list admin panel allows an attacker to execute arbitrary JavaScript in an authenticated teacher's browser. The pagination code merges all $_GET parameters …

📅 Published: April 10, 2026, 5:42 p.m. 🔄 Last Modified: April 10, 2026, 5:42 p.m.

CVSS3.1: 7.7

CVE-2026-31941 - Server-Side Request Forgery (SSRF) in Chamilo LMS

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via the social_wall_new_msg_main POST parameter and per…

📅 Published: April 10, 2026, 5:37 p.m. 🔄 Last Modified: April 10, 2026, 5:37 p.m.

CVSS3.1: 7.5

CVE-2026-31940 - Session Fixation in Chamilo LMS

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.php, user-controlled request parameters are directly used to set the PHP session ID before loading global bootstrap. This leads to session fixation. This vulnerability is fixed in 1.11.38 and 2.0.0-RC…

📅 Published: April 10, 2026, 5:35 p.m. 🔄 Last Modified: April 10, 2026, 5:35 p.m.

CVSS3.1: 8.5

CVE-2026-5483 - Odh-dashboard: odh dashboard kubernetes service account exposure

A flaw was found in odh-dashboard in Red Hat OpenShift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kuber…

📅 Published: April 10, 2026, 5:33 p.m. 🔄 Last Modified: April 10, 2026, 5:34 p.m.

CVSS3.1: 8.3

CVE-2026-31939 - Path Traversal (Arbitrary File Delete) in Chamilo LMS

Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file deletion. User input from $_REQUEST['test'] is concatenated directly into a filesystem path without canonicalization or traversal checks. This vulnerabili…

📅 Published: April 10, 2026, 5:32 p.m. 🔄 Last Modified: April 10, 2026, 5:32 p.m.

CVSS3.1: 0

CVE-2025-66447 - Chamilo LMS has validation-less redirect on login page

Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0-beta.2.

📅 Published: April 10, 2026, 5:22 p.m. 🔄 Last Modified: April 10, 2026, 5:22 p.m.