CVE-2026-31940

7.5 HIGH

Published: April 10, 2026 Modified: April 13, 2026

Description

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.php, user-controlled request parameters are directly used to set the PHP session ID before loading global bootstrap. This leads to session fixation. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/chamilo/chamilo-lms/commit/ce0192c62e48c9d9474d915c541b3274844afbf9

Source: security-advisories@github.com

https://github.com/chamilo/chamilo-lms/commit/e337b7cc74a0276a0b4f91f9282204d20cac1869

Source: security-advisories@github.com

https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4gp7-cfjh-77gv

Source: security-advisories@github.com

3 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.5 / 10.0

EPSS (Exploit Probability)

0.0%

11th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-384

Related CVEs

CVE-2026-34626 6.3

CVE-2026-34622 8.6

CVE-2026-27291 7.8

CVE-2026-27286 5.5

CVE-2026-27285 5.5