Vulnerability Information
Vulnerability Title
Chamilo: CSRF Vulnerability in Project Deletion
Vulnerability Description
Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent. The issue arises because sensitive actions such as project deletion do not implement anti-CSRF protections (tokens) and are performed through GET-based requests. As a result, an authenticated user (Trainer) can be tricked into executing this unwanted action simply by visiting a malicious page. This issue has been patched in version 1.11.34.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Vulnerability Type
Cross-Site Request Forgery (CSRF)
Vulnerability Title
Chamilo Cross-Site Request Forgery Vulnerability
Vulnerability Description
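Chamilo is an open-source learning management system from Chamilo. Versions of Chamilo prior to 1.11.34 contain a cross-site request forgery vulnerability. The vulnerability stems from sensitive operations such as project deletion lacking anti-CSRF protection, which may lead to cross-site request forgery attacks and, in turn, the deletion of projects within a course without the user's consent.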
CVSS Information
N/A
Vulnerability Type
N/A