Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Chamilo Insertion of Sensitive Information into Externally-Accessible File or Directory Vulnerability - CVE-2026-33705 - Vulnerability Database
Chamilo

Chamilo Insertion of Sensitive Information into Externally-Accessible File or Directory Vulnerability - CVE-2026-33705

Medium
Reference: CVE-2026-33705
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-33705
Title: Chamilo Insertion of Sensitive Information into Externally-Accessible File or Directory Vulnerability
Overview:

Chamilo LMS is a learning management system. Prior to 1.11.38 Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic variable names AJAX endpoint URLs and admin panel structure. This vulnerability is fixed in 1.11.38.