Description
Chamilo LMS 1.11.10 does not properly manage privileges, which could allow a user with the Sessions administrator privilege to create a new user and then use the edit user function to change that new user's privilege to administrator.
Remediation
References
Related Vulnerabilities
WordPress Plugin WassUp Real Time Analytics 'spy.php' SQL Injection (1.4.3)
WordPress Plugin Print My Blog-Print, PDF, & eBook Converter Server-Side Request Forgery (1.6.5)
WordPress Plugin Spiffy XSPF Player SQL Injection (0.1)
Ruby on Rails Inefficient Regular Expression Complexity Vulnerability (CVE-2023-22795)