Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Chamilo: Unauthorized access to update category of any user
Vulnerability Description
Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which allows users to update the category of any user by replacing the "category_id" parameter. This issue has been patched in version 1.11.34.
CVSS Information
N/A
Vulnerability Type
授权机制缺失
Vulnerability Title
Chamilo 安全漏洞
Vulnerability Description
Chamilo是Chamilo开源的一个学习管理系统。 Chamilo 1.11.34之前版本存在安全漏洞,该漏洞源于更新用户类别功能缺少对category_id参数的授权检查,可能导致用户更新任意用户的类别。
CVSS Information
N/A
Vulnerability Type
N/A