Chamilo LMS has a REST API Self-Privilege Escalation (Student → Teacher)

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update_user_from_username endpoint. A student (status=5) can change their status to Teacher/CourseManager (status=1), gaining course creation and management privileges. This vulnerability is fixed in 1.11.38.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

特权管理不恰当

Chamilo LMS 安全漏洞

Chamilo LMS是Chamilo开源的一套开源的在线学习和协作系统。该系统支持创建教学内容、远程培训和在线答题等。 Chamilo LMS 1.11.38之前版本存在安全漏洞，该漏洞源于任何具有REST API密钥的经过身份验证的用户可以通过update_user_from_username端点修改自己的状态字段，可能导致学生获得课程创建和管理权限。

N/A

N/A