CVE-2025-59541

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.34

Description Chamilo is a learning management system. A Cross-Site Request Forgery (CSRF) issue allows an attacker to delete projects within a course without the victim’s consent. Sensitive actions, such as project deletion, do not implement anti-CSRF protections (tokens) and rely on GET based requests. An authenticated user (Trainer) can be tricked into performing this unwanted action by visiting a malicious page.

Recommendations Update to version 1.11.34 or later.