PT-2026-32023 · Unknown · Chamilo LMS
Published: 2026-04-10 · Updated: 2026-04-10
CVE-2026-33708
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Chamilo LMS versions prior to 1.11.38
Description
Chamilo LMS is a learning management system. The get user info from username API endpoint ('/get user info from username') does not perform authorization checks, allowing any authenticated user to retrieve personal information (email, first name, last name, user ID, active status) of any other user. The vulnerable parameter is the username.
Recommendations
Update to version 1.11.38 or later.
Fix
Missing Authorization
Affected Products
Chamilo LMS