Access Control Flaw in Chamilo Learning Management System
CVE-2024-30619

Currently unrated

Key Information:

Vendor: Chamilo
Status: Chamilo LMS
Vendor: CVE Published:; 4 November 2024

What is CVE-2024-30619?

Chamilo LMS Version 1.11.26 is insecure due to an Incorrect Access Control vulnerability. This issue enables unauthorized individuals to query sensitive information, such as the count of messages and the number of online users, through specific AJAX endpoints. Attackers can exploit this vulnerability without authentication, potentially compromising user privacy and system integrity.

References

https://github.com/chamilo/chamilo-lms/commit/bef68ffe055...

https://github.com/bahadoumi/Vulnerability-Research/tree/...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2024
Vulnerability Reserved
Mar 27, 2024