CVE Catalog

CVE-2023-39061

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile — higher than 17% of all known CVEs

Summary

A CSRF vulnerability in Chamilo versions 1.11 through 1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code. The flaw stems from insufficient cross-site request forgery protections.

Risk Assessment

The organization risks system takeover by a privileged user, potentially leading to data theft, content modification, or complete compromise of the e-learning platform's integrity.

Recommendation

Immediately upgrade Chamilo to version 1.11.21 or later, which includes a fix for the CSRF vulnerability. Additionally, implement CSRF tokens and Origin header validation as defense-in-depth measures.

Original NVD description (English source)

Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS