Description
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-rp2w-g734-jf8h
Patch x_refsource_misc
https://github.com/chamilo/chamilo-lms/commit/43a9bd1fb8b3f57e7935a6a6bc48975e2063b01b
Release Notes x_refsource_misc
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.28
Scores
CVSS v3
5.3
EPSS
0.0008
EPSS Percentile
24.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (1)
chamilo/chamilo_lms
< 1.11.28
Published
Mar 02, 2026
Tracked Since
Mar 02, 2026