Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.
References
Configurations
History
15 Jun 2023, 17:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:* | |
CWE | NVD-CWE-Other | |
References | (MISC) https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-109-2023-04-15-Moderate-impact-Moderate-risk-IDOR-in-workstudent-publication - Issue Tracking, Vendor Advisory | |
References | (MISC) https://github.com/chamilo/chamilo-lms/commit/0c1c29db18856a6f25e21d0405dda2c20b35ff3a - Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
08 Jun 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-08 19:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-34958
Mitre link : CVE-2023-34958
CVE.ORG link : CVE-2023-34958
JSON object : View
Products Affected
chamilo
- chamilo_lms
CWE