CVE-2026-33618 | Chamilo LMS up to 2.0.0-RC.2 /platform-config/list decodeSettingArray eval injection

Inserito da Angelo Barbosa | Apr 10, 2026 | CVE

A vulnerability described as critical has been identified in Chamilo LMS up to 2.0.0-RC.2. This affects the function PlatformConfigurationController::decodeSettingArray of the file /platform-config/list. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code.

The identification of this vulnerability is CVE-2026-33618. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is recommended.

CVE-2026-33618 | Chamilo LMS up to 2.0.0-RC.2 /platform-config/list decodeSettingArray eval injection

Post correlati

CVE-2024-47522 | OISF Suricata up to 7.0.6 TLS/QUIC assertion

CVE-2025-53931 | LabRedesCefetRJ WeGIA up to 3.4.4 adicionar_raca.php raca cross site scripting

CVE-2026-4039 | OpenClaw 2026.2.19-2 Skill Env applySkillConfigenvOverrides code injection (GHSA-82g8-464f-2mv7)

CVE-2024-28112 | Peering Manager up to 1.8.2 name cross site scripting (GHSA-fmf5-24pq-rq2w)