Description
Chamilo is a learning management system. Prior to version 1.11.34, the functionality that lets a user update a category does not implement authorization checks on the "category_id" parameter, which allows users to update the category of any user by replacing the "category_id" value in the request. This issue has been patched in version 1.11.34.