Chamilo LMS User Enumeration Vulnerability

Vulnerability

A user enumeration vulnerability has been identified in Chamilo LMS versions prior to 1.11.34. This issue allows an attacker to determine the validity of usernames based on the application's response, creating a potential vector for further attacks such as password guessing or phishing.

Impact

Exploitation of this vulnerability allows for user enumeration, where an attacker can differentiate between valid and invalid usernames based on the application's response.

Remediation

Users can upgrade to Chamilo LMS version 1.11.36 or later to address this vulnerability.

Added: Mar 16, 2026, 9:07 PM
Updated: Mar 16, 2026, 9:07 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 0.6
exploitability: 9.7
remediation: 7.7
relevance: 4.0
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.