CVE-2026-28430 | Chamilo LMS up to 1.11.33 Legacy Password Reset custom_dates sql injection

Inserito da Angelo Barbosa | Mar 16, 2026 | CVE

A vulnerability was found in Chamilo LMS up to 1.11.33 and classified as critical. This affects an unknown part of the component Legacy Password Reset Handler. Such manipulation of the argument custom_dates leads to sql injection.

This vulnerability is referenced as CVE-2026-28430. It is possible to launch the attack remotely. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2026-28430 | Chamilo LMS up to 1.11.33 Legacy Password Reset custom_dates sql injection

Post correlati

CVE-2024-8915 | Category Icon Plugin up to 1.0.0 on WordPress SVG File Upload cross site scripting

CVE-2025-27681 | Vasion Print Virtual Appliance Host Client Inter-Process Security Privilege Escalation

CVE-2024-30279 | Adobe Acrobat Reader DC JPEG2000 File Parser out-of-bounds write

CVE-2025-14002 | WPCOM Member Plugin up to 1.7.16 on WordPress One-Time Password excessive authentication