File Deletion Vulnerability in Chamilo Learning Management System
CVE-2012-4030

7.5HIGH

Key Information:

Vendor: Chamilo
Status: Chamilo Lms
Vendor: CVE Published:; 10 January 2020

What is CVE-2012-4030?

Chamilo Learning Management System versions prior to 1.8.8.6 have a vulnerability in the index.php script that fails to adequately validate user-supplied input. This oversight allows remote attackers to exploit the system, potentially leading to the deletion of arbitrary files on the server. As a result, unauthorized users may disrupt critical operations by manipulating input parameters, highlighting the importance of implementing robust input validation mechanisms to secure web applications.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/78054

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2020
Vulnerability Reserved
Jul 17, 2012