CVE-2026-34602

Severity: High (CVSS 3.1 base score 7.1) · EPSS 10.4%
Published Apr 14, 2026 · Modified Jun 17, 2026

Description

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course_rel_users endpoint is vulnerable to Insecure Direct Object Reference (IDOR), allowing an authenticated attacker to modify the user parameter in the request body to enroll any arbitrary user into any course without proper authorization checks. The backend trusts the user-supplied input for the user field and performs no server-side verification that the requester owns the referenced user ID or has permission to act on behalf of other users. This enables unauthorized manipulation of user-course relationships, potentially granting unintended access to course materials, bypassing enrollment controls, and compromising platform integrity. This issue has been fixed in version 2.0.0-RC.3.
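The missing check described above, modelled as an added example (not Chamilo's code): a "before" handler that trusts the `user` field of the request body beside a hardened handler that decides server-side whether the requester may act for that user. Course, user and role data are constructed for the illustration.

```python
# Added illustration (not Chamilo code): a minimal model of the enrollment
# authorization check that the advisory says was missing before 2.0.0-RC.3.
# Course ids, user ids and roles below are constructed for the example.
from dataclasses import dataclass, field


@dataclass
class Course:
    teachers: set[int]            # user ids allowed to manage the roster
    self_subscribe: bool          # whether a user may enroll themselves
    members: set[int] = field(default_factory=set)


@dataclass(frozen=True)
class Requester:
    id: int
    is_admin: bool = False


class Forbidden(Exception):
    pass


def can_enroll(requester: Requester, user_id: int, course: Course) -> bool:
    """Server-side decision: may `requester` add `user_id` to `course`?"""
    if requester.is_admin or requester.id in course.teachers:
        return True
    # Acting on one's own account is allowed only when the course permits it.
    return requester.id == user_id and course.self_subscribe


def enroll_vulnerable(requester: Requester, body: dict, courses: dict) -> int:
    """Pre-fix behaviour as the advisory describes it: the 'user' field in the
    request body is trusted as-is, so the requester's identity never matters.
    Kept only to contrast with enroll_fixed()."""
    user_id, course = int(body["user"]), courses[int(body["course"])]
    course.members.add(user_id)
    return user_id


def enroll_fixed(requester: Requester, body: dict, courses: dict) -> int:
    """Post-fix shape: the body still names a user, but the server checks that
    the requester may act for that user before the roster is touched."""
    user_id, course = int(body["user"]), courses[int(body["course"])]
    if not can_enroll(requester, user_id, course):
        # Refuse (and log) instead of letting the body's 'user' value through.
        raise Forbidden(f"user {requester.id} may not enroll user {user_id}")
    course.members.add(user_id)
    return user_id
```

A rejected request is also the event worth alerting on: a burst of `Forbidden` outcomes from one account against many user ids is the pattern this flaw would have silently allowed.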

CVSS Details

Base Score: 7.1
Exploitability: 2.8
Impact: 4.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: High
Availability: None

Threat Intelligence

EPSS Exploit Probability: 10.4% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-639 (Authorization Bypass Through User-Controlled Key)

Affected Products 11

Vendor    Product       Version   Range
chamilo   chamilo_lms   *         ≤1.11.38
chamilo   chamilo_lms   2.0.0     any
chamilo   chamilo_lms   2.0.0     any
chamilo   chamilo_lms   2.0.0     any
chamilo   chamilo_lms   2.0.0     any
chamilo   chamilo_lms   2.0.0     any
chamilo   chamilo_lms   2.0.0     any
chamilo   chamilo_lms   2.0.0     any
chamilo   chamilo_lms   2.0.0     any
chamilo   chamilo_lms   2.0.0     any
chamilo   chamilo_lms   2.0.0     any

References 5

  • github.com https://github.com/chamilo/chamilo-lms/commit/2a9f060fa9d50fc9a92ed93af774d2619642df92
    Patch
  • github.com https://github.com/chamilo/chamilo-lms/commit/bd2ba34c2e74475587e38c74c90c2934e69c8779
    Patch
  • github.com https://github.com/chamilo/chamilo-lms/commit/c9c30cdc48afae57cd6ab012ae2eceafd351a40e
    Patch
  • github.com https://github.com/chamilo/chamilo-lms/releases/tag/v2.0.0-RC.3
    Product, Release Notes
  • github.com https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-x373-8j9j-g5pj
    Vendor Advisory

Remediation

  • github.com https://github.com/chamilo/chamilo-lms/commit/2a9f060fa9d50fc9a92ed93af774d2619642df92
    Patch
  • github.com https://github.com/chamilo/chamilo-lms/commit/bd2ba34c2e74475587e38c74c90c2934e69c8779
    Patch
  • github.com https://github.com/chamilo/chamilo-lms/commit/c9c30cdc48afae57cd6ab012ae2eceafd351a40e
    Patch