Vulnerabilities > CVE-2023-34959 - Server-Side Request Forgery (SSRF) vulnerability in Chamilo LMS

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

chamilo

CWE-918

NVD

Published: 2023-06-08

Updated: 2023-06-15

Summary

An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.

Vulnerable Configurations

Part	Description	Count
Application	Chamilo Chamilo Chamilo LMS 1.11.0 Chamilo Chamilo LMS 1.11.2 Chamilo Chamilo LMS 1.11.4 Chamilo Chamilo LMS 1.11.6 Chamilo Chamilo LMS 1.11.8 Chamilo Chamilo LMS 1.11.10 Chamilo Chamilo LMS 1.11.12 Chamilo Chamilo LMS 1.11.14 Chamilo Chamilo LMS 1.11.16 Chamilo Chamilo LMS 1.11.18	30

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-111-2023-04-20-Moderate-impact-Low-risk-Multiple-blind-SSRF-in-links-and-social-tools
https://github.com/chamilo/chamilo-lms/commit/ed946908fef23e8aa4cefc28f745f3cd6710099f
https://github.com/chamilo/chamilo-lms/commit/cc278f01864948b1fb160e03f0a3dc0875d5f81f
https://github.com/chamilo/chamilo-lms/commit/ea5791ff8ce6ea45148a171b0da5348a7c415e6f