Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2020-23128
CVE-2020-23128:
Chamilo vulnerability analysis and mitigation
Overview
Chamilo LMS 1.11.10 contains a privilege escalation vulnerability (CVE-2020-23128) that allows a user with Sessions administrator privileges to create a new user and then escalate that user's privileges to administrator level through improper privilege management (NVD, AttackerKB).
Technical details
The vulnerability exists in the user edit functionality of Chamilo LMS 1.11.10. A Sessions administrator can create a new user account and then modify the request body during the user edit operation to elevate the new user's privileges to administrator level. This is possible due to improper validation of privilege changes in the user edit function (ToanDang Blog).
Impact
The vulnerability allows privilege escalation from Sessions administrator to full administrator access. A malicious user could create new administrator accounts, potentially leading to complete compromise of the Chamilo LMS instance (NVD).
Additional resources
Source: This report was generated using AI
Related Chamilo vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management