Server-Side Request Forgery in Chamilo Learning Management System
CVE-2023-34959

5.3MEDIUM

Key Information:

Vendor: Chamilo
Status: Chamilo Lms
Vendor: CVE Published:; 8 June 2023

What is CVE-2023-34959?

A vulnerability in the Chamilo Learning Management System, specifically in versions up to v1.11.18, allows attackers to perform Server-Side Request Forgery (SSRF). This enables them to send crafted requests through the platform's social and links tools, potentially revealing sensitive information about running services on the server. By exploiting this flaw, unauthorized parties could gain insights into the server's internal infrastructure.

References

https://support.chamilo.org/projects/1/wiki/Security_issu...

https://github.com/chamilo/chamilo-lms/commit/ed946908fef...

https://github.com/chamilo/chamilo-lms/commit/cc278f01864...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2023
Vulnerability Reserved
Jun 7, 2023