Security Advisory

CVE-2026-33705

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-10 18:32:45

Last updated 2026-04-15 15:02:39

Assigner GitHub_M

State PUBLISHED

Description

Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel structure. This vulnerability is fixed in 1.11.38.

← Browse all CVEs View on cve.org ↗