PT-2018-15311 · Chamilo · Chamilo Lms

Published: 2018-12-21 · Updated: 2019-01-07 · CVE-2018-20328

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Chamilo LMS version 1.11.8

Description

The issue allows authenticated users to affect other users under specific conditions of permissions granted by administrators. It is considered low risk due to the nature of the feature it exploits. The problem is related to the social groups tool in the main/social/group_view.php file.

Recommendations

For Chamilo LMS version 1.11.8, consider restricting access to the social groups tool until a fix is available, or apply specific configuration changes to limit the permissions that can be granted by administrators to mitigate the risk.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-20328

Affected Products

Chamilo Lms