Description
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege.
Remediation
References
Related Vulnerabilities
WordPress Plugin MemberSonic Lite Security Bypass (1.2)
phpMyFAQ Weak Password Requirements Vulnerability (CVE-2023-1753)
WordPress Plugin Custom Contact Forms Security Bypass (5.1.0.3)
Joomla CVE-2018-15881 Vulnerability (CVE-2018-15881)
Jenkins Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2024-43044)