


Perceptive Security
SOC/SIEM Consultancy

Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allow…
Published: 1 March 2026 at 23:00:00
Alert date: 2 March 2026 at 17:01:35
Source: nvd.nist.gov
Web Technologies, Enterprise Applications, Identity & Access
A logic vulnerability in versions of the Chamilo learning management system prior to 1.11.30 allows authenticated users to bypass the friend request workflow in the social network module. By calling the AJAX endpoints directly, an attacker can forcibly add any user as a friend, circumventing the normal approval process. The vulnerability breaks access control mechanisms and can even allow the addition of non-existent users. This has privacy implications and undermines the security of social interactions. The issue has been patched in version 1.11.30.
Affected products:
Chamilo LMS
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-52469
https://github.com/chamilo/chamilo-lms/commit/39e0fa88a2ba5dd197e0d8ce7335730b666992a6
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-m5xj-5xf3-rqch
This article was created with the assistance of AI technology by Perceptive.
