Chamilo LMS up to and including 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.
chamilo chamilo lms