CVE-2026-33702 | Chamilo LMS up to 1.11.37/2.0.0-RC.2 lp_ajax_save_item.php authorization

Inserito da Angelo Barbosa | Apr 10, 2026 | CVE

A vulnerability classified as problematic was found in Chamilo LMS up to 1.11.37/2.0.0-RC.2. Affected is an unknown function of the file lp_ajax_save_item.php. The manipulation results in authorization bypass.

This vulnerability is identified as CVE-2026-33702. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.

CVE-2026-33702 | Chamilo LMS up to 1.11.37/2.0.0-RC.2 lp_ajax_save_item.php authorization

Post correlati

CVE-2025-32777 | volcano-sh volcano up to 1.9.0/1.10.1/1.11.1 Elastic Service allocation of resources

CVE-2025-4270 | TOTOLINK A720R 4.1.5cu.374 Config /cgi-bin/cstecgi.cgi topicurl information disclosure

CVE-2025-13442 | UTT 进取 750W up to 3.2.2-191225 /goform/formPdbUpConfig system policyNames command injection

CVE-2025-14884 | D-Link DIR-605 202WWB03 Firmware Update Service command injection