Description
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege.
Remediation
References
Related Vulnerabilities
WordPress Plugin All Post Contact Form Arbitrary File Upload (1.1.4)
WordPress Plugin Migration, Backup, Staging-WPvivid Security Bypass (0.9.35)
WordPress Plugin WordPress Popular Posts Cross-Site Scripting (3.3.2)
WordPress Plugin Blog social sharing component Cross-Site Scripting (1.4.4)
Oracle Database Server CVE-2007-5509 Vulnerability (CVE-2007-5509)