{"id":36302,"date":"2026-01-19T12:36:38","date_gmt":"2026-01-19T12:36:38","guid":{"rendered":"http:\/\/localhost\/?p=36302"},"modified":"2026-01-19T12:36:38","modified_gmt":"2026-01-19T12:36:38","slug":"chamillo-lms-1112-missing-cache-header","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=36302","title":{"rendered":"\ud83d\udcc4 Chamillo LMS 1.11.2 Missing Cache Header_PACKETSTORM:214047"},"content":{"rendered":"

{“lastseen”:”2026-01-19T17:44:55″,”description”:”Chamillo LMS version 1.11.2 is missing a cache header that leads to information disclosure…”,”published”:”2026-01-19T00:00:00″,”modified”:”2026-01-19T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Chamillo LMS 1.11.2 Missing Cache Header”,”source”:””,”references”:””,”id”:”PACKETSTORM:214047″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-69581″],”sourceData”:”# CVE-2025-69581\\n \\n An issue was discovered in Chamillo LMS 1.11.2. The Social Network \/personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to view confidential information. This leads to profiling, impersonation, targeted attacks, and significant privacy risks. Discovered by – Rivek Raj Tamang (RivuDon), Sikkim, India.\\n \\n \\u003cimg width=\\”389\\” height=\\”129\\” alt=\\”image\\” src=\\”https:\/\/github.com\/user-attachments\/assets\/339dcc08-7c09-4024-9802-84703aa7893a\\” \/\\u003e\\n \\n **Affected Product: Chamilo LMS**\\n * Affected Version: 1.11.2\\n * **Discovered by: Rivek Raj Tamang (RivuDon), Sikkim, India**\\n \\n ## Vulnerability Details\\n Information Disclosure\\n \\n # Summary\\n The vulnerability allows unauthorized access to sensitive user information in Overhang.IO Tutor (tutor-open-edx) version 20.0.2 due to improper client-side session handling and missing cache-control headers. After logging out, user-specific PII remains accessible simply by pressing the browser\u2019s back button, exposing sensitive account details without reauthentication. This flaw constitutes an Information Disclosure vulnerability and poses a risk to user privacy and session integrity.\\n \\n ## Steps to Reproduce\\n 1. Have a valid account\\n 2. Log in to the account\\n 3. Go to Social Network \\u003e Personal Data \\n 4. Click on user_info\\n 5. Note all the Sensitive PII Information\\n 6. Now simply click on logout and wait for the page to log out\\n 7. Now click on the browser back button Note all the PII Being disclosed clearly without any proper cache control\\n \\n # Acknowledgement \\n \\n This vulnerability was discovered and responsibly reported by:\\n \\n **Rivek Raj Tamang (RivuDon) from Sikkim, India** \\n \\n https:\/\/www.linkedin.com\/in\/rivektamang\/\\n \\n https:\/\/rivudon.medium.com\/”,”sourceHref”:”https:\/\/packetstorm.news\/download\/214047″,”cvss”:{“score”:7.5,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/214047\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-01-19T17:44:55″,”description”:”Chamillo LMS version 1.11.2 is missing a cache header that leads to information disclosure…”,”published”:”2026-01-19T00:00:00″,”modified”:”2026-01-19T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Chamillo LMS 1.11.2 Missing Cache Header”,”source”:””,”references”:””,”id”:”PACKETSTORM:214047″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-69581″],”sourceData”:”# CVE-2025-69581\\n \\n An issue was…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,16,12,15,13,53,7,11,5],"class_list":["post-36302","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-75","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Chamillo LMS 1.11.2 Missing Cache Header_PACKETSTORM:214047 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=36302\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Chamillo LMS 1.11.2 Missing Cache Header_PACKETSTORM:214047 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-01-19T17:44:55″,”description”:”Chamillo LMS version 1.11.2 is missing a cache header that leads to information disclosure…”,”published”:”2026-01-19T00:00:00″,”modified”:”2026-01-19T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Chamillo LMS 1.11.2 Missing Cache Header”,”source”:””,”references”:””,”id”:”PACKETSTORM:214047″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-69581″],”sourceData”:”# CVE-2025-69581n n An issue was...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=36302\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-19T12:36:38+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=36302#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=36302\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Chamillo LMS 1.11.2 Missing Cache Header_PACKETSTORM:214047\",\"datePublished\":\"2026-01-19T12:36:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=36302\"},\"wordCount\":426,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.5\",\"exploit\",\"HIGH\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=36302#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=36302\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=36302\",\"name\":\"\ud83d\udcc4 Chamillo LMS 1.11.2 Missing Cache Header_PACKETSTORM:214047 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-01-19T12:36:38+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=36302#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=36302\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=36302#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Chamillo LMS 1.11.2 Missing Cache Header_PACKETSTORM:214047\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Chamillo LMS 1.11.2 Missing Cache Header_PACKETSTORM:214047 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=36302","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Chamillo LMS 1.11.2 Missing Cache Header_PACKETSTORM:214047 - zero redgem","og_description":"{“lastseen”:”2026-01-19T17:44:55″,”description”:”Chamillo LMS version 1.11.2 is missing a cache header that leads to information disclosure…”,”published”:”2026-01-19T00:00:00″,”modified”:”2026-01-19T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Chamillo LMS 1.11.2 Missing Cache Header”,”source”:””,”references”:””,”id”:”PACKETSTORM:214047″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-69581″],”sourceData”:”# CVE-2025-69581n n An issue was...","og_url":"https:\/\/zero.redgem.net\/?p=36302","og_site_name":"zero redgem","article_published_time":"2026-01-19T12:36:38+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=36302#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=36302"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Chamillo LMS 1.11.2 Missing Cache Header_PACKETSTORM:214047","datePublished":"2026-01-19T12:36:38+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=36302"},"wordCount":426,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.5","exploit","HIGH","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=36302#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=36302","url":"https:\/\/zero.redgem.net\/?p=36302","name":"\ud83d\udcc4 Chamillo LMS 1.11.2 Missing Cache Header_PACKETSTORM:214047 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-01-19T12:36:38+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=36302#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=36302"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=36302#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Chamillo LMS 1.11.2 Missing Cache Header_PACKETSTORM:214047"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/36302","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=36302"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/36302\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=36302"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=36302"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=36302"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}