216.73.216.197

CVE-2026-32930

· Published 10/04/2026 18:16 · Modified 10/04/2026 18:16

Labels: CVE-2026-32930 2026-04-10CVE-2026-32930CWE-639[email protected]

Essential information

Published
10/04/2026 18:16
Modified
10/04/2026 18:16
Author
Creator
CVSS
7.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CVSS metrics

Description

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook evaluation edit page allows any authenticated teacher to view and modify the settings (name, max score, weight) of evaluations belonging to any other course by manipulating the editeval GET parameter. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
chamilo / chamilo lms cpe:2.3:a:chamilo:chamilo_lms:<1.11.38:*:*:*:*:*:*:*
chamilo / chamilo lms cpe:2.3:a:chamilo:chamilo_lms:1.11.38:*:*:*:*:*:*:*
chamilo / chamilo lms cpe:2.3:a:chamilo:chamilo_lms:2.0.0-RC.3:*:*:*:*:*:*:*

References