CVE-2026-35196 | Chamilo LMS up to 2.0.0-RC.2 gradebook.ajax.php api_get_course_id _cid os command injection

A vulnerability was found in Chamilo LMS up to 2.0.0-RC.2. It has been rated as critical. This issue affects the function api_get_course_id of the file main/inc/ajax/gradebook.ajax.php. The manipulation of the argument _cid leads to os command injection.

This vulnerability is documented as CVE-2026-35196. The attack can be initiated remotely. There is not any exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More