Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Chamilo Missing Authorization Vulnerability (CVE-2025-59544)

Description

Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which allows users to update the category of any user by replacing the "category_id" parameter. This issue has been patched in version 1.11.34.

Remediation

References

Related Vulnerabilities

Jboss EAP CVE-2022-2764 Vulnerability (CVE-2022-2764)

Oracle Database Server CVE-2019-2734 Vulnerability (CVE-2019-2734)

Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19745)

WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (3.8.1)

WordPress Plugin Adblock Blocker Arbitrary File Upload (0.0.1)

Severity

Medium

Classification

CVE-2025-59544 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities