CVE-2026-33737 | Chamilo LMS up to 1.11.37/2.0.0-RC.2 simplexml_load_string xml external entity reference (GHSA-c4ww-qgf2-v89j)

Inserito da Angelo Barbosa | Apr 10, 2026 | CVE

A vulnerability categorized as problematic has been discovered in Chamilo LMS up to 1.11.37/2.0.0-RC.2. Affected is the function simplexml_load_string. Executing a manipulation can lead to xml external entity reference.

This vulnerability appears as CVE-2026-33737. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.

CVE-2026-33737 | Chamilo LMS up to 1.11.37/2.0.0-RC.2 simplexml_load_string xml external entity reference (GHSA-c4ww-qgf2-v89j)

Post correlati

CVE-2026-5987 | Sanluan PublicCMS up to 6.202506.d FreeMarker Template AbstractFreemarkerView.java AbstractFreemarkerView.doRender special elements used in a template engine (Issue 113)

CVE-2023-48261 | Rexroth Nexo Cordless Nutrunner up to V1500-SP2 HTTP Request sql injection

CVE-2024-52273 | Tenda AC6V2 up to 15.03.06.50 setDoublePppoeConfig stack-based overflow

CVE-2025-14188 | UGREEN DH2100+ up to 5.3.0.251125 nas_svr /v1/file/backup/create handler_file_backup_create path command injection