Access Control Flaw in Chamilo LMS Affecting User Profiles
CVE-2024-30616

Currently unrated

Key Information:

Vendor: Chamilo
Status: Chamilo Lms
Vendor: CVE Published:; 4 November 2024

What is CVE-2024-30616?

A significant access control vulnerability affects Chamilo LMS version 1.11.26, enabling non-admin users to gain improper access to sensitive profile information through the main/auth/profile interface. This flaw allows unauthorized manipulation of user data, which can severely compromise overall data integrity and security within the platform. Organizations utilizing Chamilo LMS should prioritize patching this vulnerability to safeguard against potential exploitation.

References

https://github.com/chamilo/chamilo-lms/commit/a1a1e4df70d...

https://github.com/bahadoumi/Vulnerability-Research/tree/...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2024
Vulnerability Reserved
Mar 27, 2024