6.5
CVE-2026-33737
- EPSS 0.03%
- Veröffentlicht 10.04.2026 19:16:24
- Zuletzt bearbeitet 16.04.2026 18:22:09
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string() without XXE protection. With LIBXML_NOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Chamilo ≫ Chamilo Lms Version < 1.11.38
Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha1
Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha2
Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha3
Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha4
Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha5
Chamilo ≫ Chamilo Lms Version2.0.0 Updatebeta1
Chamilo ≫ Chamilo Lms Version2.0.0 Updatebeta2
Chamilo ≫ Chamilo Lms Version2.0.0 Updatebeta3
Chamilo ≫ Chamilo Lms Version2.0.0 Updaterc1
Chamilo ≫ Chamilo Lms Version2.0.0 Updaterc2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.075 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| security-advisories@github.com | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.