PT-2021-10839 · Unknown · Chamilo Lms

Hoang Kien +1 · Published 2021-05-05 · Updated 2021-05-07 · CVE-2020-23127

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Chamilo LMS version 1.11.10

Description

The issue is related to Cross-Site Request Forgery (CSRF) via the edit user function, which can be exploited by targeting an admin user. This allows for unauthorized actions to be performed on behalf of the admin.

Recommendations

For Chamilo LMS version 1.11.10, consider disabling the edit user function until a patch is available to prevent CSRF attacks. Restrict access to admin user accounts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Weakness Enumeration

Related Identifiers

CVE-2020-23127

Affected Products

Chamilo Lms