PT-2026-23633 · Chamilo · Chamilo
Published: 2026-03-06 · Updated: 2026-03-06
CVE-2025-59544
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Chamilo versions prior to 1.11.34
Description
Chamilo is a learning management system. A flaw exists in the user category update functionality where authorization checks are missing for the category id parameter. This allows users to modify the category of any user by manipulating the category id parameter. The issue was addressed in version 1.11.34.
Recommendations
Update to version 1.11.34 or later.
Exploit
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Chamilo