PT-2026-32009 · Unknown · Chamilo Lms
Published: 2026-04-10 · Updated: 2026-04-11 · CVE-2026-32930
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Chamilo LMS versions prior to 1.11.38 and prior to 2.0.0-RC.3
Description
Chamilo LMS contains an Insecure Direct Object Reference (IDOR) issue in the gradebook evaluation edit page. An authenticated teacher can view and modify evaluation settings (name, max score, weight) for any course by manipulating the editeval GET parameter. This allows unauthorized access and modification of data.
Recommendations
Update to version 1.11.38 or later.
Update to version 2.0.0-RC.3 or later.
Fix
IDOR
Affected Products
Chamilo Lms