CNNVD-202601-2972 Information

Jan 18, 2026 cve

CNNVD ID

CNNVD-202601-2972

CVE-2026-1106

CNNVD Published: 2026-01-18

Description (Chinese)

Chamilo LMS是Chamilo开源的一套开源的在线学习和协作系统。该系统支持创建教学内容、远程培训和在线答题等。 Chamilo LMS 2.0.0 Beta 1及之前版本存在授权问题漏洞，该漏洞源于对文件src/CoreBundle/Controller/SocialController.php中组件Legal Consent Handler的函数deleteLegal的参数userId的错误操作，可能导致授权不当。

Description (English)

Chamilo LMS is an open-source online learning and collaboration system for the open source of Chamilo. The system supports the creation of teaching content, distance training and online responses. There is a mandate gap in Chamilo LMS 2.0.0 Beta 1 and earlier versions, which stems from an error in the use of the parameter userId of the Legal Consent Handler component of document src/CoreBundle/Controller/SocialController.php, which could lead to improper authorization.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

Chamilo

Published

2026-01-18

Last Modified

2026-02-24

References

https://note-hxlab.wetolink.com/share/w92t1Q0a74Gj https://vuldb.com/?ctiid.341698 https://vuldb.com/?id.341698 https://vuldb.com/?submit.731510 https://access.redhat.com/security/cve/cve-2026-1106

Share on: