CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-33698 — Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack ...

·Source: NIST NVD

Updated:

Executive Summary

Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals with the main/install/ directory still present and read-accessible. This vulnerability is fixed in 1.11

Analysis

Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals with the main/install/ directory still present and read-accessible. This vulnerability is fixed in 1.11.38. CVSS Score: 9.8. Published: 2026-04-10T19:16:23.033.

Indicators of Compromise (1)

CVE (1)
CVE-2026-33698
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on Apr 10, 2026. Verified by: NIST.

Related Threats

CRITICALVulnerability

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available

Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types - On-Prem Deployment Cisco SD-WAN Cloud-Pro Cisco SD-WAN Cloud (Cisco Managed) Cisco SD-WAN for Government (FedRAMP) "A

CVE-2026-20245
The Hacker News
MEDIUMVulnerability

Bipartisan AI Bill Targets Frontier Labs and State Regulators

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/bipartisan-ai-bill-targets-frontier-labs-state-regulators-image_small-1-a-31903.jpg" align=right hspace=4><b>House Draft Targets Frontier Labs with Audits While Blocking State AI Laws</b><br>A House discussion draft would impose safety mandates and independent audits on the country's most powerful AI developers, but the fight over

Bank Info Security
MEDIUMVulnerability

Passengers Seek Full Appeals Court Review in CrowdStrike Case

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/passengers-seek-full-appeals-court-review-in-crowdstrike-case-image_small-9-a-31902.jpg" align=right hspace=4><b>Appeal Faces Steep Statistical Odds Given Previous Court Rulings</b><br>Passengers affected by the July 2024 CrowdStrike outage are making a longshot bid to get their case reheard en banc, arguing that claims tied to th

Bank Info Security