CVE-2024-50337

MEDIUM
2026-03-02 [email protected]
5.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Mar 03, 2026 - 19:11 vuln.today
Public exploit code
Patch Released
Mar 03, 2026 - 19:11 nvd
Patch available
CVE Published
Mar 02, 2026 - 15:16 nvd
MEDIUM 5.3

Tags

SSRF Chamilo Lms

Description

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28.

Analysis

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. [CVSS 5.3 MEDIUM]

Technical Context

Classified as CWE-918 (Server-Side Request Forgery (SSRF)). Affects Chamilo Lms. Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28.

Affected Products

Vendor: Chamilo. Product: Chamilo Lms. Versions: up to 1.11.28.

Remediation

A vendor patch is available — apply it immediately. Fixed in version 1.11.28.. Restrict network access to the affected service where possible.

Priority Score

47
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +26
POC: +20

Share

CVE-2024-50337 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy