Description
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via the social_wall_new_msg_main POST parameter and performs two server-side HTTP requests to that URL without validating whether the target is an internal or external resource. This allows an authenticated attacker to force the server to make arbitrary HTTP requests to internal services, scan internal ports, and access cloud instance metadata. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.
References (3)
Core 3
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-q74c-mx8x-489h
X_Refsource_Misc x_refsource_misc
https://github.com/chamilo/chamilo-lms/commit/e3790c5f0ff3b4dc547c2099fadf5c438c1bb265
X_Refsource_Misc x_refsource_misc
https://github.com/chamilo/chamilo-lms/commit/ea6b7b7e90580c9b01dc4bcafe4ad737061e0ead
Scores
CVSS v3
7.7
EPSS
0.0023
EPSS Percentile
13.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (4)
chamilo/chamilo-lms
< 1.11.38
chamilo/chamilo-lms
>= 2.0.0-alpha.1, < 2.0.0-RC.3
chamilo/chamilo_lms
2.0.0 alpha1 (10 CPE variants)
chamilo/chamilo_lms
< 1.11.38
Published
Apr 10, 2026
Tracked Since
Apr 10, 2026