EUVD-2026-21543
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Description
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the /social-network/personal-data/{userId} endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId parameter. This results in mass disclosure of sensitive user information and credentials, enabling a full platform data breach. This vulnerability is fixed in 2.0.0-RC.3.
Analysis
Insecure Direct Object Reference in Chamilo LMS allows authenticated users to access complete personal data and API tokens of any user by manipulating the userId parameter in the /social-network/personal-data/{userId} endpoint. Attack requires only low-privilege authentication (PR:L) and no user interaction, enabling mass disclosure of credentials and sensitive information across the entire platform. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Chamilo LMS deployments in use and confirm installed versions against the vulnerability scope (prior to 2.0.0-RC.3); immediately restrict API access to the /social-network/personal-data endpoint to administrative users only via WAF or application firewall rules. Within 7 days: Implement network-based access controls limiting /social-network/ endpoint access to administrative personnel; audit logs for suspicious userId parameter manipulation since system deployment. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today