Tag
Chamilo LMS before 1.11.38 allows authenticated users with a REST API key to escalate their privileges by modifying their user status via the update_user_from_username endpoint, potentially granting unauthorized course management capabilities.