Chamilo Missing Authorization Vulnerability - CVE-2025-59544
Reference:
CVE-2025-59544
Title:
Chamilo Missing Authorization Vulnerability
Overview:
Chamilo is a learning management system. Prior to version 1.11.34 the functionality for the user to update the category does not implement authorization checks for the quotcategory_idquot parameter which allows users to update the category of any user by replacing the quotcategory_idquot parameter. This issue has been patched in version 1.11.34.