Description

Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.

Remediation

References

CVE-2022-27421

Related Vulnerabilities

WordPress Plugin Notification-Custom Notifications and Alerts for WordPress Cross-Site Scripting (7.2.4)

WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Security Bypass (3.10.15)

WordPress Plugin WP Import Export Information Disclosure (3.9.15)

WordPress Plugin Meow Gallery (+ Gallery Block) Security Bypass (4.1.9)

WordPress Plugin Content Control-User Access Restriction Cross-Site Scripting (1.1.9)

Severity

High

Classification

CVE-2022-27421 CWE-269 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities