Description
Chamilo LMS 1.11.10 does not properly manage privileges, which could allow a user with the Sessions administrator privilege to create a new user and then use the edit user function to change that new user to administrator privilege.
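The missing authorization check can be illustrated with a small added example, which is not Chamilo's code: the role names, the `GRANTABLE_ROLES` table and both functions are hypothetical. It contrasts a check that only asks whether the actor may edit users with one that also constrains the target's current role and the role being assigned.

```php
<?php
declare(strict_types=1);

// Hypothetical role model, not Chamilo's own: the roles each actor role may assign.
const GRANTABLE_ROLES = [
    'platform_admin' => ['platform_admin', 'session_admin', 'teacher', 'student'],
    'session_admin'  => ['teacher', 'student'],
];

// Flawed pattern: checks only that the actor may edit users at all,
// so any role sent in the edit request is accepted.
function canEditUserFlawed(string $actorRole, string $targetRole, string $requestedRole): bool
{
    return isset(GRANTABLE_ROLES[$actorRole]);
}

// Hardened check: the target's current role and the requested role must both
// be within what the actor is allowed to grant. Unknown actor roles are denied.
function canEditUserHardened(string $actorRole, string $targetRole, string $requestedRole): bool
{
    $grantable = GRANTABLE_ROLES[$actorRole] ?? [];
    return in_array($targetRole, $grantable, true)
        && in_array($requestedRole, $grantable, true);
}

// Constructed requests: [actor role, target's current role, requested role].
$requests = [
    ['session_admin', 'student', 'teacher'],
    ['session_admin', 'student', 'platform_admin'],
    ['session_admin', 'platform_admin', 'student'],
    ['platform_admin', 'student', 'platform_admin'],
    ['teacher', 'student', 'student'],
];

foreach ($requests as [$actor, $target, $requested]) {
    printf(
        "%-14s edits %-14s -> %-14s flawed=%s hardened=%s\n",
        $actor,
        $target,
        $requested,
        canEditUserFlawed($actor, $target, $requested) ? 'allow' : 'deny',
        canEditUserHardened($actor, $target, $requested) ? 'allow' : 'deny'
    );
}
```

The second and third constructed requests are the ones the two checks disagree on: the hardened check denies both the role change to `platform_admin` and any edit of an existing `platform_admin` account by a `session_admin`.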
Remediation
References
Related Vulnerabilities
MediaWiki Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2020-25827)
WordPress Plugin LeagueManager Multiple SQL Injection Vulnerabilities (3.9.1.1)
IBM WebSEAL CVE-2018-1722 Vulnerability (CVE-2018-1722)
Envoy Proxy Insufficient Verification of Data Authenticity Vulnerability (CVE-2020-8660)