9.8

CVE-2026-33707

Weak Password Recovery Mechanism for Forgotten Password in chamilo/chamilo-lms

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the victim's password without authentication. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ChamiloChamilo Lms Version < 1.11.38
ChamiloChamilo Lms Version2.0.0 Updatealpha1
ChamiloChamilo Lms Version2.0.0 Updatealpha2
ChamiloChamilo Lms Version2.0.0 Updatealpha3
ChamiloChamilo Lms Version2.0.0 Updatealpha4
ChamiloChamilo Lms Version2.0.0 Updatealpha5
ChamiloChamilo Lms Version2.0.0 Updatebeta1
ChamiloChamilo Lms Version2.0.0 Updatebeta2
ChamiloChamilo Lms Version2.0.0 Updatebeta3
ChamiloChamilo Lms Version2.0.0 Updaterc1
ChamiloChamilo Lms Version2.0.0 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.34
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com 9.4 3.9 5.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CWE-640 Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

https://github.com/chamilo/chamilo-lms/commit/078d7e5b77679fa7ccfcd6783bd5cc683db0bda8
Patch
https://github.com/chamilo/chamilo-lms/commit/750a45312a0d5c3ad60dbfbd0d959ca40be4a18c
Patch
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-f27g-66gq-g7v2
Vendor Advisory