Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Chamilo Missing Authorization Vulnerability - CVE-2019-1000017 - Vulnerability Database
Chamilo

Chamilo Missing Authorization Vulnerability - CVE-2019-1000017

Medium
Reference: CVE-2019-1000017
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-1000017
Title: Chamilo Missing Authorization Vulnerability
Overview:

Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform due to lack of access controls. This attack appears to be exploitable via ticket_idticket number. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03.