
Chamilo LMS 1.11.x <= 1.11.18 Multiple Vulnerabilities
CVE-2023-31799, CVE-2023-31800, CVE-2023-31801, CVE-2023-31802, CVE-2023-31803, CVE-2023-31804, CVE-2023-31805, CVE-2023-31806, CVE-2023-31807, CVE-2023-34944, CVE-2023-34958, CVE-2023-34959, CVE-2023-34961, CVE-2023-34962

Severity
CVSSv3 Score
8.1
Vulnerability description

Chamilo LMS is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist:
- CVE-2023-31799: An administrator could edit system announcements and insert XSS payloads.
- CVE-2023-31800: Teachers, and students acting through a student group, could add XSS into a forum title.
- CVE-2023-31801: XSS through links pointing at the skills wheel.
- CVE-2023-31802: A user could add XSS to their own profile on the social network.
- CVE-2023-31803: An administrator could edit resource sequencing and insert XSS payloads.
- CVE-2023-31804: XSS in course category editing, specifically targeting Chamilo administrators.
- CVE-2023-31805: An administrator could edit links on the homepage and insert XSS payloads.
- CVE-2023-31806: A user could add XSS into their personal notes.
- CVE-2023-31807: An attacker is able to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.
- CVE-2023-34944: Cross-site scripting (XSS) through SVG.
- CVE-2023-34958: Incorrect access control allows a student subscribed to a given course to download documents belonging to another student if they know the document ID.
- CVE-2023-34959: An issue allows attackers to perform Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
- CVE-2023-34961: Cross-site scripting (XSS) vulnerability via the /feedback/comment field.
- CVE-2023-34962: Incorrect access control allows a student to arbitrarily access and modify another student's personal notes.

Recommendation

See the referenced vendor advisory for a solution.
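Added here as a worked check, not code from the Pentest-Tools.com entry or the Chamilo project: a small Python helper that decides whether a Chamilo LMS version string falls inside the affected range stated above (the 1.11 branch up to and including 1.11.18). The banner text it parses is constructed for the example and the regular expression is an assumption; where you obtain the version string (admin panel, banner, package metadata) is up to you.

```python
# Added example (not from the Pentest-Tools.com entry or the Chamilo project):
# decides whether a Chamilo LMS version string falls in the affected range
# "1.11.x <= 1.11.18". SAMPLE_BANNER and VERSION_RE are assumptions made for
# this example, not a description of how Chamilo really reports its version.
import re
from typing import Optional, Tuple

AFFECTED_MAJOR_MINOR = (1, 11)   # only the 1.11 branch is listed as affected
LAST_AFFECTED_PATCH = 18         # 1.11.18 is the last affected release

# Constructed sample of where a version string might appear; not a real Chamilo page.
SAMPLE_BANNER = "<!-- Chamilo LMS 1.11.18 -->"

# Assumed pattern: "Chamilo" optionally followed by "LMS", then x.y or x.y.z
VERSION_RE = re.compile(r"Chamilo(?:\s+LMS)?\s+v?(\d+\.\d+(?:\.\d+)?)", re.IGNORECASE)


def extract_version(text: str) -> Optional[str]:
    """Pull the first 'Chamilo [LMS] x.y[.z]' version out of free text, or None."""
    m = VERSION_RE.search(text)
    return m.group(1) if m else None


def parse_version(raw: str) -> Optional[Tuple[int, int, int]]:
    """Parse 'major.minor[.patch]', tolerating a leading 'v' and trailing suffixes
    such as '-1' or '.x'. A missing or non-numeric patch counts as 0, so '1.11'
    and '1.11.x' parse as 1.11.0. Returns None if the string is unparseable."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", raw)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(raw: str) -> Optional[bool]:
    """True if raw is 1.11.0 .. 1.11.18, False if outside that branch or above
    1.11.18, None if the string cannot be parsed. Callers must not treat None
    as 'not affected'; an unknown version needs a manual check."""
    parsed = parse_version(raw)
    if parsed is None:
        return None
    major, minor, patch = parsed
    return (major, minor) == AFFECTED_MAJOR_MINOR and patch <= LAST_AFFECTED_PATCH


if __name__ == "__main__":
    ver = extract_version(SAMPLE_BANNER)
    print(ver, is_affected(ver) if ver else None)
```

Two caveats when using a check like this: a version string alone cannot tell you whether a distribution or hosting provider backported the fixes, and a string with no patch number ("1.11", "1.11.x") is deliberately reported as affected rather than silently skipped, since the whole 1.11 branch up to 1.11.18 is in scope.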

References
https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-99-2023-04-11-Low-impact-Low-risk-XSS-in-system-announcements
https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-102-2023-04-11-Low-impact-Moderate-risk-XSS-in-forum-titles
https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-97-2023-04-11-Low-impact-High-risk-XSS-in-skills-wheel
https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-104-2023-04-11-Moderate-impact-High-risk-XSS-in-personal-profile
https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-100-2023-04-11-Low-impact-Low-risk-XSS-in-resources-sequencing
https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-96-2023-04-06-Low-impact-Moderate-risk-XSS-in-course-categories
https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-98-2023-04-11-Low-impact-Low-risk-XSS-in-homepage-edition
https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-103-2023-04-11-Low-impact-Moderate-risk-XSS-in-My-progress-tab
https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-101-2023-04-11-Low-impact-Low-risk-XSS-in-personal-notes-and-teacher-notes
https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-109-2023-04-15-Moderate-impact-Moderate-risk-IDOR-in-workstudent-publication
https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-111-2023-04-20-Moderate-impact-Low-risk-Multiple-blind-SSRF-in-links-and-social-tools
https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-105-2023-04-15-Low-impact-Moderate-risk-XSS-in-student-work-comments
https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-106-2023-04-15-Moderate-impact-Moderate-risk-A-student-can-access-and-modify-another-students-personal-notes
https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-113-2023-05-31-Low-impact-Low-risk-XSS-through-SVG
Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
May 9, 2023
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available