
CVE-2026-34370

MEDIUM CVSS 3.1: 6.5
Updated Apr 17, 2026
Chamilo
CVSS: 6.5 (MEDIUM)
Affected Versions: before 2.0.0
Fixed In: 2.0.0
Type: CWE-285 (Improper Authorization), CWE-639 (Authorization Bypass)
Vendor: Chamilo
Public PoC: No

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating the notebook_id parameter in the editnote action. The application fetches the note content using only the supplied integer ID without verifying that the requesting user owns the note, and the full title and HTML body are rendered in the edit form and returned to the attacker's browser.

While ownership checks exist in the write paths (updateNote() and delete_note()), they are entirely absent from the read path (get_note_information()). This issue has been fixed in version 2.0.0-RC.3.
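The advisory's point is that the read path trusts the integer ID alone while the write paths check ownership. The following is an added illustration of that contrast, not Chamilo's code: the in-memory note store, the function names as written here, the `current_user_id` parameter and the audit log are all assumptions made for the example. It shows the vulnerable fetch-by-ID beside a hardened version that applies the same owner check on read that the write paths already enforce, and records denied attempts so that ID-probing shows up in logs.

```python
"""
Constructed model of a notebook 'get note' read path with and without an
ownership check. Added example; the data model, function signatures and
logging are assumptions, not the project's own implementation.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Note:
    notebook_id: int
    owner_id: int      # user who created the note
    course_id: int
    title: str
    body_html: str


# Constructed sample data: two different users, one private note each.
NOTES: Dict[int, Note] = {
    101: Note(101, owner_id=7, course_id=1, title="My exam plan",
              body_html="<p>Chapter 3 first, then past papers.</p>"),
    102: Note(102, owner_id=9, course_id=1, title="Private draft",
              body_html="<p>Not for anyone else.</p>"),
}

# Assumed audit sink: a real deployment would write to the application log.
AUDIT_LOG: List[dict] = []


class AuthorizationError(Exception):
    """Raised when the requesting user does not own the requested note."""


def get_note_information_vulnerable(notebook_id: int) -> Optional[Note]:
    """Vulnerable read path: the note is looked up by integer ID only.

    Nothing ties the lookup to the requesting user, so any authenticated
    user who supplies another user's ID receives that user's note. This is
    the IDOR pattern the advisory describes.
    """
    return NOTES.get(notebook_id)


def get_note_information(notebook_id: int, current_user_id: int) -> Note:
    """Hardened read path: ownership is verified before any content is returned.

    Both 'not found' and 'not yours' are failures the caller should map to
    the same HTTP response (e.g. 404) so that a probe cannot learn whether a
    given ID exists.
    """
    note = NOTES.get(notebook_id)
    if note is None:
        raise LookupError(f"note {notebook_id} not found")
    if note.owner_id != current_user_id:
        # Record the denied access: a burst of these from one user across
        # many IDs is the detection signal for enumeration attempts.
        AUDIT_LOG.append({
            "event": "notebook_access_denied",
            "user_id": current_user_id,
            "notebook_id": notebook_id,
            "owner_id": note.owner_id,
        })
        raise AuthorizationError(
            f"user {current_user_id} does not own note {notebook_id}")
    return note


def render_edit_form(notebook_id: int, current_user_id: int) -> str:
    """Builds the edit form from the hardened read path.

    The title and body only reach the response after the ownership check,
    so a foreign ID produces no content at all.
    """
    note = get_note_information(notebook_id, current_user_id)
    return (f"<form><input name='title' value='{note.title}'>"
            f"<textarea name='note_comment'>{note.body_html}</textarea></form>")


if __name__ == "__main__":
    # User 7 asks for user 9's note through each path.
    leaked = get_note_information_vulnerable(102)
    print("vulnerable path returned:", leaked.title if leaked else None)
    try:
        get_note_information(102, current_user_id=7)
    except AuthorizationError as exc:
        print("hardened path refused:", exc)
    print("audit entries:", AUDIT_LOG)
```

The fix is deliberately placed in the data-access function rather than in the controller: every caller that renders, exports or previews a note then inherits the check, which is the property the write paths already had and the read path lacked.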

Attack Parameters

Attack Vector: Network (can be exploited remotely)
Attack Complexity: Low (easy to exploit)
Privileges Required: Low (basic privileges needed)
User Interaction: None (no user interaction needed)

Impact Assessment

Confidentiality: High (complete data leak)
Integrity: None (no data modification)
Availability: None (no disruption)

CVSS Vector v3.1