CVE-2026-33736

Published: Apr 10, 2026 Last Modified: Apr 16, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none

Description

AI Translation Available

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ROLE_STUDENT) can enumerate all platform users and access personal information (email, phone, roles) via GET /api/users, including administrator accounts. This vulnerability is fixed in 2.0.0-RC.3.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0003
Percentile
0,1th
Updated

EPSS Score Trend (Last 6 Days)

639

Authorization Bypass Through User-Controlled Key

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: High
View CWE Details
Application

Chamilo Lms by Chamilo

Product Information
Vendor Chamilo
Product Chamilo Lms
Version 2.0.0
cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Chamilo Lms by Chamilo

Product Information
Vendor Chamilo
Product Chamilo Lms
Version 2.0.0
cpe:2.3:a:chamilo:chamilo_lms:2.0.0:beta2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Chamilo Lms by Chamilo

Product Information
Vendor Chamilo
Product Chamilo Lms
Version 2.0.0
cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Chamilo Lms by Chamilo

Product Information
Vendor Chamilo
Product Chamilo Lms
Version 2.0.0
cpe:2.3:a:chamilo:chamilo_lms:2.0.0:beta3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Chamilo Lms by Chamilo

Product Information
Vendor Chamilo
Product Chamilo Lms
Version 2.0.0
cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha5:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Chamilo Lms by Chamilo

Product Information
Vendor Chamilo
Product Chamilo Lms
Version 2.0.0
cpe:2.3:a:chamilo:chamilo_lms:2.0.0:beta1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Chamilo Lms by Chamilo

Product Information
Vendor Chamilo
Product Chamilo Lms
Version 2.0.0
cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha4:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Chamilo Lms by Chamilo

Product Information
Vendor Chamilo
Product Chamilo Lms
Version 2.0.0
cpe:2.3:a:chamilo:chamilo_lms:2.0.0:rc1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Chamilo Lms by Chamilo

Product Information
Vendor Chamilo
Product Chamilo Lms
Version 2.0.0
cpe:2.3:a:chamilo:chamilo_lms:2.0.0:rc2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Chamilo Lms by Chamilo

Product Information
Vendor Chamilo
Product Chamilo Lms
Version 2.0.0
cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/chamilo/chamilo-lms/commit/1739371ce1c56…
https://github.com/chamilo/chamilo-lms/commit/1739371ce1c562c007c7f5d53e6d65b7a…
https://github.com/chamilo/chamilo-lms/security/advisories/…
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-fp2p-fj6c-x3x9