5.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization
A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. It affects the function deleteLegal in the file src/CoreBundle/Controller/SocialController.php of the Legal Consent Handler component. Manipulating the argument userId results in improper authorization. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
References
- VDB-341698 | Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization (vdb-entry, technical-description)
- VDB-341698 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
- Submit #731510 | Chamilo LMS <= v2.0.0 Beta 1 SocialController IDOR - Legal Consent Data Manipulat (third-party-advisory)
- https://note-hxlab.wetolink.com/share/w92t1Q0a74Gj (exploit)
Affected products
- ==2.0.0 Beta 1
Matching in nixpkgs
pkgs.lms
Lightweight Music Server - Access your self-hosted music using a web interface
pkgs.flmsg
Digital modem message program
pkgs.helmsman
Helm Charts (k8s applications) as Code tool
pkgs.lmstudio
LM Studio is an easy to use desktop app for experimenting with local and open-source Large Language Models (LLMs)
pkgs.python312Packages.calmsize
Take a number of bytes and return a human-readable string
pkgs.python313Packages.calmsize
Take a number of bytes and return a human-readable string
pkgs.python312Packages.dlms-cosem
Python module to parse DLMS/COSEM
pkgs.python313Packages.dlms-cosem
Python module to parse DLMS/COSEM
pkgs.tests.testers.runCommand.dns-resolution
None
pkgs.python312Packages.llama-index-llms-ollama
LlamaIndex LLMS Integration for ollama
pkgs.python312Packages.llama-index-llms-openai
LlamaIndex LLMS Integration for OpenAI
pkgs.python313Packages.llama-index-llms-ollama
LlamaIndex LLMS Integration for ollama
pkgs.python313Packages.llama-index-llms-openai
LlamaIndex LLMS Integration for OpenAI
pkgs.python312Packages.llama-index-llms-openai-like
LlamaIndex LLMS Integration for OpenAI like
pkgs.python313Packages.llama-index-llms-openai-like
LlamaIndex LLMS Integration for OpenAI like
pkgs.pkgsRocm.python3Packages.llama-index-llms-ollama
LlamaIndex LLMS Integration for ollama
pkgs.pkgsRocm.python3Packages.llama-index-llms-openai
LlamaIndex LLMS Integration for OpenAI
pkgs.pkgsRocm.python3Packages.llama-index-llms-openai-like
LlamaIndex LLMS Integration for OpenAI like
pkgs.python312Packages.llama-index-multi-modal-llms-openai
LlamaIndex Multi-Modal-Llms Integration for OpenAI
pkgs.python313Packages.llama-index-multi-modal-llms-openai
LlamaIndex Multi-Modal-Llms Integration for OpenAI
pkgs.pkgsRocm.python3Packages.llama-index-multi-modal-llms-openai
LlamaIndex Multi-Modal-Llms Integration for OpenAI
Package maintainers
- @dysinger Tim Dysinger <tim@dysinger.net>
- @sarcasticadmin Robert James Hernandez <rob@sarcasticadmin.com>
- @Lynty Lynn Dong <ltdong93+nix@gmail.com>
- @mksafavi MK Safavi <mksafavi@gmail.com>
- @crertel Chris Ertel <chris@kedagital.com>
- @fabaff Fabian Affolter <mail@fabian-affolter.ch>
- @jherland Johan Herland <johan@herland.net>