PT-2026-32015 · Unknown · Chamilo Lms

Published: 2026-04-10 · Updated: 2026-04-11 · CVE-2026-33702

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions
Chamilo LMS versions prior to 1.11.38 and prior to 2.0.0-RC.3

Description
Chamilo LMS contains an Insecure Direct Object Reference (IDOR) vulnerability in the Learning Path progress saving endpoint. The lp_ajax_save_item.php file accepts a uid parameter directly from the request and uses it to load and modify another user's Learning Path progress – including score, status, completion, and time – without verifying that the requesting user matches the target user ID. Any authenticated user enrolled in a course can overwrite another user's Learning Path progress by changing the uid parameter in the request.

Recommendations
Update to Chamilo LMS version 1.11.38 or later.
Update to Chamilo LMS version 2.0.0-RC.3 or later.
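
The missing ownership check described above, shown as an added example beside a corrected form. This is illustrative code written for this entry, not Chamilo's source or its patch. ProgressStore, both function names, and every request field other than uid are hypothetical, and the request is constructed.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the progress table: $rows[userId][itemId] = progress row.
final class ProgressStore
{
    public array $rows = [];
    public function save(int $userId, int $itemId, array $progress): void
    {
        $this->rows[$userId][$itemId] = $progress;
    }
}

// Pattern the advisory describes: the request's uid picks the row; the session user is never consulted.
function saveProgressUnchecked(ProgressStore $store, int $sessionUserId, array $req): void
{
    $store->save((int) $req['uid'], (int) $req['item_id'], progressFrom($req));
}

// Corrected pattern: the authenticated session decides whose progress is written.
function saveProgressChecked(ProgressStore $store, int $sessionUserId, array $req): void
{
    if (isset($req['uid']) && (int) $req['uid'] !== $sessionUserId) {
        throw new RuntimeException('uid does not match the authenticated user');
    }
    $store->save($sessionUserId, (int) $req['item_id'], progressFrom($req));
}

function progressFrom(array $req): array
{
    return [
        'score'  => (float) ($req['score'] ?? 0),
        'status' => (string) ($req['status'] ?? 'incomplete'),
        'time'   => (int) ($req['time'] ?? 0),
    ];
}

// Constructed request: session user 7 submits progress carrying uid=42.
$req = ['uid' => '42', 'item_id' => '3', 'score' => '0', 'status' => 'failed', 'time' => '1'];
$store = new ProgressStore();
saveProgressUnchecked($store, 7, $req);
echo 'unchecked: rows written for user(s) ', implode(',', array_keys($store->rows)), PHP_EOL;

$store = new ProgressStore();
try {
    saveProgressChecked($store, 7, $req);
} catch (RuntimeException $e) {
    echo 'checked: rejected (', $e->getMessage(), '), rows written: ', count($store->rows), PHP_EOL;
}
```

In the unchecked run the write lands on user 42's row although the session belongs to user 7; in the checked run the mismatch is rejected before any write. Logging that rejection together with the session user and the supplied uid gives operators a signal for tampering attempts.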

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2026-33702

Affected Products

Chamilo Lms