2026-04-10 18:52:54
GitHub_M
PUBLISHED
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no rate limiting. An attacker who knows a users email can compute the reset token and change the victims password without authentication. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.