7.1
CVE-2026-33703
- EPSS 0.04%
- Veröffentlicht 10.04.2026 18:23:01
- Zuletzt bearbeitet 16.04.2026 18:48:04
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the /social-network/personal-data/{userId} endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId parameter. This results in mass disclosure of sensitive user information and credentials, enabling a full platform data breach. This vulnerability is fixed in 2.0.0-RC.3.Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha1
Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha2
Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha3
Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha4
Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha5
Chamilo ≫ Chamilo Lms Version2.0.0 Updatebeta1
Chamilo ≫ Chamilo Lms Version2.0.0 Updatebeta2
Chamilo ≫ Chamilo Lms Version2.0.0 Updatebeta3
Chamilo ≫ Chamilo Lms Version2.0.0 Updaterc1
Chamilo ≫ Chamilo Lms Version2.0.0 Updaterc2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.116 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| security-advisories@github.com | 7.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.