Skip to main content

Chamilo Lms CVE-2024-50337

MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-03-02 security-advisories@github.com
SSRF Chamilo Lms
5.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Mar 03, 2026 - 19:11 vuln.today
Public exploit code
Patch released
Mar 03, 2026 - 19:11 nvd
Patch available
CVE Published
Mar 02, 2026 - 15:16 nvd
MEDIUM 5.3

DescriptionNVD

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28.

AnalysisAI

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. [CVSS 5.3 MEDIUM]

Technical ContextAI

Classified as CWE-918 (Server-Side Request Forgery (SSRF)). Affects Chamilo Lms. Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28.

RemediationAI

A vendor patch is available — apply it immediately. Fixed in version 1.11.28.. Restrict network access to the affected service where possible.

Share

CVE-2024-50337 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy