CVE-2026-34602

EPSS 0.2%
Veröffentlicht 14.04.2026 21:29:06
Zuletzt bearbeitet 22.04.2026 18:46:22
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Chamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Users into Courses

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course_rel_users endpoint is vulnerable to Insecure Direct Object Reference (IDOR), allowing an authenticated attacker to modify the user parameter in the request body to enroll any arbitrary user into any course without proper authorization checks. The backend trusts the user-supplied input for the user field and performs no server-side verification that the requester owns the referenced user ID or has permission to act on behalf of other users. This enables unauthorized manipulation of user-course relationships, potentially granting unintended access to course materials, bypassing enrollment controls, and compromising platform integrity. This issue has been fixed in version  2.0.0-RC.3.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 11 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Chamilo ≫ Chamilo Lms Version <= 1.11.38

Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha1

Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha2

Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha3

Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha4

Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha5

Chamilo ≫ Chamilo Lms Version2.0.0 Updatebeta1

Chamilo ≫ Chamilo Lms Version2.0.0 Updatebeta2

Chamilo ≫ Chamilo Lms Version2.0.0 Updatebeta3

Chamilo ≫ Chamilo Lms Version2.0.0 Updaterc1

Chamilo ≫ Chamilo Lms Version2.0.0 Updaterc2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.102

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.1	2.8	4.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://github.com/chamilo/chamilo-lms/releases/tag/v2.0.0-RC.3

Product

Release Notes

https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-x373-8j9j-g5pj

Vendor Advisory

https://github.com/chamilo/chamilo-lms/commit/2a9f060fa9d50fc9a92ed93af774d2619642df92

Patch

https://github.com/chamilo/chamilo-lms/commit/bd2ba34c2e74475587e38c74c90c2934e69c8779

Patch

https://github.com/chamilo/chamilo-lms/commit/c9c30cdc48afae57cd6ab012ae2eceafd351a40e

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-34602