Privilege Escalation in Chamilo LMS by Chamilo Foundation
CVE-2022-27421

7.2HIGH

Key Information:

Vendor: Chamilo
Status: Chamilo Lms
Vendor: CVE Published:; 15 April 2022

What is CVE-2022-27421?

Chamilo LMS v1.11.13 contains a vulnerability in the user modification form that allows attackers to escalate their privileges to Platform Admin. The lack of proper validation makes it possible for unauthorized users to gain elevated access, potentially compromising the system. This poses a serious risk for organizations utilizing the platform, as it could lead to unauthorized actions within the LMS.

References

https://support.chamilo.org/projects/1/wiki/Security_issues

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2022
Vulnerability Reserved
Mar 21, 2022