Description
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.
Remediation
References