CVE-2026-32932

MEDIUM

Chamilo LMS has an Open Redirect via Unvalidated 'page' Parameter in Session Course Edit

Title source: cna

Description

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks the id_session parameter to the attacker's server. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.

References (3)

[X_Refsource_Confirm] https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-q2cp-3qj3-wx8q

[X_Refsource_Misc] https://github.com/chamilo/chamilo-lms/commit/b005b3d3e76cf6eafc03e15ac445ceff089551c0

[X_Refsource_Misc] https://github.com/chamilo/chamilo-lms/commit/fbd8d7eb37d05ec974293f05b6ffaaf9102ebd2b

View Writeup ZIP pw:eip

Scores

CVSS v3 4.7

EPSS 0.0003

EPSS Percentile 9.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Details

CWE

CWE-601

Status published

Products (4)

chamilo/chamilo-lms < 1.11.38

chamilo/chamilo-lms >= 2.0.0-alpha.1, < 2.0.0-RC.3

chamilo/chamilo_lms 2.0.0 alpha1 (10 CPE variants)

chamilo/chamilo_lms < 1.11.38

Published Apr 10, 2026

Tracked Since Apr 11, 2026