CVE-2026-33737 | Chamilo LMS up to 1.11.37/2.0.0-RC.2 simplexml_load_string xml external entity reference (GHSA-c4ww-qgf2-v89j)

Inserito da Angelo Barbosa | Apr 10, 2026 | CVE

A vulnerability categorized as problematic has been discovered in Chamilo LMS up to 1.11.37/2.0.0-RC.2. Affected is the function simplexml_load_string. Executing a manipulation can lead to xml external entity reference.

This vulnerability appears as CVE-2026-33737. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.

CVE-2026-33737 | Chamilo LMS up to 1.11.37/2.0.0-RC.2 simplexml_load_string xml external entity reference (GHSA-c4ww-qgf2-v89j)

Post correlati

CVE-2025-21380 | Microsoft Marketplace SaaS access control

CVE-2025-5940 | Osom Blocks Plugin up to 1.2.1 on WordPress class_name cross site scripting

CVE-2024-11945 | Email Reminders Plugin up to 2.0.4 on WordPress id cross site scripting

CVE-2024-20404 | Cisco Unified Contact Center Enterprise Web-Based Management Interface server-side request forgery (cisco-sa-finesse-ssrf-rfi-Um7wT8Ew)