Description
Chamilo LMS 1.11.10 does not properly manage privileges, which could allow a user with the Sessions administrator privilege to create a new user and then use the edit user function to give that new user administrator privileges.
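The class of flaw described above, shown as an added example that is not Chamilo's code: an edit-user authorization check that ignores the role being written, next to one that caps it at the actor's own level. The role names, ranks, array fields and function names are all hypothetical, and the sample accounts are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical role ranks for illustration; not Chamilo's actual constants.
const ROLE_RANK = [
    'student'        => 1,
    'teacher'        => 2,
    'session_admin'  => 3,
    'platform_admin' => 4,
];

// Returns the rank of a role, or null for an unknown role value.
function roleRank(string $role): ?int
{
    return ROLE_RANK[$role] ?? null;
}

// Flawed pattern: checks only that the actor manages the target account
// and never inspects the role value being written.
function canEditUserFlawed(array $actor, array $target, string $newRole): bool
{
    return $actor['role'] === 'platform_admin'
        || $target['created_by'] === $actor['id'];
}

// Hardened pattern: same ownership check, plus a ceiling on the role.
function canEditUserHardened(array $actor, array $target, string $newRole): bool
{
    $actorRank  = roleRank($actor['role']);
    $targetRank = roleRank($target['role']);
    $newRank    = roleRank($newRole);
    if ($actorRank === null || $targetRank === null || $newRank === null) {
        return false; // unknown role value: deny by default
    }
    if ($actor['role'] === 'platform_admin') {
        return true; // only the top role may assign any role
    }
    if ($target['created_by'] !== $actor['id']) {
        return false; // not an account this actor manages
    }
    // Everyone else may touch only accounts and roles strictly below their own.
    return $targetRank < $actorRank && $newRank < $actorRank;
}

// Constructed sample data: a session admin and an account they created.
$sessionAdmin = ['id' => 7, 'role' => 'session_admin'];
$newUser      = ['id' => 42, 'role' => 'student', 'created_by' => 7];
var_dump(canEditUserFlawed($sessionAdmin, $newUser, 'platform_admin'));   // escalation request
var_dump(canEditUserHardened($sessionAdmin, $newUser, 'platform_admin')); // same request
var_dump(canEditUserHardened($sessionAdmin, $newUser, 'teacher'));        // role below the actor's
```

The check belongs on the server in every code path that writes a role, both user creation and user edit, so that hiding a form option cannot stand in for it.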
Remediation
References