Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Chamilo LMS has an Insecure Direct Object Reference (IDOR) - User Data Exposure
Vulnerability Description
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ROLE_STUDENT) can enumerate all platform users and access personal information (email, phone, roles) via GET /api/users, including administrator accounts. This vulnerability is fixed in 2.0.0-RC.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Chamilo LMS 安全漏洞
Vulnerability Description
Chamilo LMS是Chamilo开源的一套开源的在线学习和协作系统。该系统支持创建教学内容、远程培训和在线答题等。 Chamilo LMS 2.0.0-RC.3之前版本存在安全漏洞,该漏洞源于任何经过身份验证的用户可以通过GET /api/users枚举所有平台用户并访问个人信息,包括管理员账户。
CVSS Information
N/A
Vulnerability Type
N/A