Description
Chamilo LMS 1.11.10 does not properly manage privileges, which could allow a user with the Sessions administrator privilege to create a new user and then use the edit user function to give that new user administrator privileges.
Remediation
References