CVE-2024-50337

Published March 2nd, 2026

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28.

chamilo/chamilo-lms

Chamilo is a learning management system focused on ease of use and accessibility

GitHub

958