PT-2026-32933 · Unknown · Chamilo Lms

Aastha2602 · Published 2026-04-14 · Updated 2026-04-15 · CVE-2026-34602

CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Chamilo LMS versions prior to 2.0.0-RC.3
Description: An Insecure Direct Object Reference (IDOR) exists in the '/api/course rel users' endpoint. An authenticated attacker can modify the user parameter in the request body to enroll any arbitrary user into any course. This occurs because the backend trusts user-supplied input for the user field without server-side verification that the requester has the necessary permissions to act on behalf of other users. This allows unauthorized manipulation of user-course relationships, which can bypass enrollment controls and grant unintended access to course materials.
Recommendations: Update to version 2.0.0-RC.3.
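The description boils down to a missing server-side ownership check: the handler accepts whatever user id is in the request body and acts on it. The following is an added illustration, not Chamilo's code and not the actual fix in 2.0.0-RC.3. It uses a constructed in-memory model (User, Course, a fictional enrollment body with "course" and "user" keys, and sample log-like records) to show the trusting handler beside a hardened one that requires the target to be the requester, or the requester to be a platform admin or a teacher of that course, plus a small detection helper that flags enrollments where the body user differs from the authenticated user.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    id: int
    is_admin: bool = False


@dataclass
class Course:
    id: int
    teachers: set = field(default_factory=set)  # user ids allowed to manage enrollment
    enrolled: set = field(default_factory=set)  # user ids currently enrolled


class Forbidden(Exception):
    """Raised when the requester may not act on the target user."""


def make_courses() -> dict:
    # Constructed sample data: course 10 is taught by user 2, nobody enrolled yet.
    return {10: Course(id=10, teachers={2})}


def enroll_vulnerable(requester: User, body: dict, courses: dict) -> set:
    """Mirrors the flaw in the description: body['user'] is trusted as-is,
    so any authenticated requester can enroll any user id they name."""
    course = courses[body["course"]]
    course.enrolled.add(body["user"])
    return set(course.enrolled)


def authorized(requester: User, course: Course, target: int) -> bool:
    """Server-side rule (assumed for the example): self-enrollment is always
    allowed; enrolling someone else needs admin or teacher-of-course rights."""
    if target == requester.id:
        return True
    return requester.is_admin or requester.id in course.teachers


def enroll_hardened(requester: User, body: dict, courses: dict) -> set:
    """Same operation, but the requester's rights over the target are checked
    on the server before the relationship is written."""
    course = courses[body["course"]]
    target = body["user"]
    if not authorized(requester, course, target):
        raise Forbidden(
            f"user {requester.id} may not enroll user {target} in course {course.id}"
        )
    course.enrolled.add(target)
    return set(course.enrolled)


def flag_mismatched_enrollments(records: list) -> list:
    """Detection helper over access-log-like records (constructed format):
    return records where the enrollment target differs from the authenticated
    user and the requester is not known to be privileged. Such rows are what
    to look for when checking whether the gap was exercised before patching."""
    return [
        r for r in records
        if r["body_user"] != r["auth_user"] and not r["privileged"]
    ]


# Constructed sample records, not real Chamilo logs.
SAMPLE_RECORDS = [
    {"auth_user": 5, "body_user": 5, "course": 10, "privileged": False},  # self-enrollment
    {"auth_user": 5, "body_user": 7, "course": 10, "privileged": False},  # student enrolling another user
    {"auth_user": 2, "body_user": 7, "course": 10, "privileged": True},   # teacher enrolling a student
]


if __name__ == "__main__":
    student, teacher = User(5), User(2)
    print("vulnerable:", enroll_vulnerable(student, {"course": 10, "user": 7}, make_courses()))
    courses = make_courses()
    print("hardened self:", enroll_hardened(student, {"course": 10, "user": 5}, courses))
    try:
        enroll_hardened(student, {"course": 10, "user": 7}, courses)
    except Forbidden as exc:
        print("hardened other:", exc)
    print("hardened teacher:", enroll_hardened(teacher, {"course": 10, "user": 7}, courses))
    print("flagged:", flag_mismatched_enrollments(SAMPLE_RECORDS))
```

The design point is that the check lives next to the write, keyed on the authenticated identity and the course's own teacher list, rather than on anything in the request body; the body supplies the target, never the authority.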

Fix

IDOR


Weakness Enumeration

Related Identifiers

CVE-2026-34602

Affected Products

Chamilo Lms