


Perceptive Security
SOC/SIEM Consultancy

An issue was discovered in Chamilo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because pro…
Published:
15 January 2026 at 23:00:00
Alert date:
16 January 2026 at 23:00:55
Source:
nvd.nist.gov
Web Technologies, Enterprise Applications
A security vulnerability was discovered in Chamilo LMS version 1.11.2 affecting the Social Network /personal_data endpoint. The endpoint's responses lack proper cache-control headers, so sensitive user information remains accessible even after logout. An unauthorized user of the same device can use the browser's back button to view the confidential personal data of a previously logged-in user. This creates significant privacy risks, including the potential for profiling, impersonation, and targeted attacks against users. The vulnerability affects user data confidentiality and could lead to serious privacy breaches in educational environments that use the Chamilo LMS platform.
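One way to check a deployment for the weakness described above, as an added example that is not code from Chamilo or from the advisory: it audits the response headers of an authenticated page and reports the directives that let a browser or proxy keep a copy after logout. The function names are hypothetical and the sample header sets are constructed, not captured traffic.

```python
# Added example: audit the caching headers of a sensitive, authenticated page.

def parse_cache_control(value):
    """Return {directive: argument-or-None} with lower-cased directive names."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def audit_sensitive_response(headers):
    """Return a list of findings; an empty list means no-store is set."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    cc = parse_cache_control(h.get("cache-control", ""))
    findings = []
    if "cache-control" not in h:
        findings.append("no Cache-Control header: caches may store the page heuristically")
    if "no-store" not in cc:
        findings.append("no-store missing: the browser may keep a copy of the page")
        if "no-cache" in cc:
            findings.append("no-cache alone only forces revalidation; the copy is still stored")
        if "public" in cc:
            findings.append("public allows shared caches (proxies) to store personal data")
        max_age = cc.get("max-age")
        if max_age and max_age.isdigit() and int(max_age) > 0:
            findings.append(f"max-age={max_age}: stored copy is reused without contacting the server")
    return findings


# Constructed sample responses for a page such as /personal_data.
SAMPLES = {
    "no caching headers": {"Content-Type": "text/html"},
    "revalidate only": {"Cache-Control": "private, no-cache, max-age=0"},
    "cacheable": {"cache-control": "public, max-age=3600"},
    "hardened": {"Cache-Control": "no-store, private", "Pragma": "no-cache"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        result = audit_sensitive_response(hdrs)
        print(f"{label}: {'OK' if not result else '; '.join(result)}")
```
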
Technical details
Mitigation steps:
Affected products:
Chamilo LMS
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-69581
https://github.com/Rivek619/CVE-2025-69581
https://github.com/chamilo/chamilo-lms
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
