Introduction:
Chamilo, a popular Learning Management System (LMS), has been found vulnerable to a security flaw that could allow a student to download another student's documents without proper access permissions. This vulnerability is tracked as CVE-2023-34958 and exists in versions 1.11.* up to 1.11.18 of Chamilo.

Description:
The vulnerability arises due to incorrect access control in the affected versions of Chamilo. This allows a student who is subscribed to a specific course to download documents that belong to another student, provided they know the document's ID.

Original references:
1. Official Chamilo GitHub Repository Issue
2. Chamilo Website

Exploit details:
The exploit relies on the insufficient access control checks: a malicious student who knows the ID of another student's document changes the document_id parameter in the URL to download it.

Using a student's account in Chamilo, the URL to download a document looks like this:

https://example.com/chamilo/courses/COURSE123/document/document_id/123

An attacker can replace the '123' with the desired document_id, thereby gaining unauthorized access.

Mitigation:

To mitigate this vulnerability, ensure that you update your Chamilo installation to the latest version (1.11.18+). Developers have addressed this issue by implementing proper access control checks to ensure that only authorized users can download any given document.
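The difference between the flawed and the corrected check can be shown with a simplified model. This is an added example, not Chamilo's code: the data layout, the role names and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data (hypothetical schema, not Chamilo's).
const DOCUMENTS = [
    123 => ['course' => 'COURSE123', 'owner' => 'alice', 'path' => 'alice_report.pdf'],
    124 => ['course' => 'COURSE123', 'owner' => 'bob',   'path' => 'bob_report.pdf'],
];
const SUBSCRIPTIONS = [
    'alice' => ['COURSE123' => 'student'],
    'bob'   => ['COURSE123' => 'student'],
    'carol' => ['COURSE123' => 'teacher'],
];

// Returns the user's role in the course, or null when not subscribed.
function roleIn(string $user, string $course): ?string
{
    return SUBSCRIPTIONS[$user][$course] ?? null;
}

// Flawed pattern: course subscription is the only gate, so the document ID
// supplied in the URL is trusted for every subscribed student.
function canDownloadFlawed(string $user, int $docId): bool
{
    $doc = DOCUMENTS[$docId] ?? null;
    return $doc !== null && roleIn($user, $doc['course']) !== null;
}

// Corrected pattern: object-level check, deny by default. Only the document's
// owner or a teacher of that course (assumed policy) may download it.
function canDownload(string $user, int $docId): bool
{
    $doc = DOCUMENTS[$docId] ?? null;
    if ($doc === null) {
        return false;
    }
    $role = roleIn($user, $doc['course']);
    if ($role === null) {
        return false;
    }
    return $role === 'teacher' || $doc['owner'] === $user;
}

// Compare both checks: owner, other student, teacher, unsubscribed user.
foreach ([['alice', 123], ['alice', 124], ['carol', 124], ['mallory', 123]] as [$user, $docId]) {
    printf("%-8s doc %d  flawed=%s  corrected=%s\n", $user, $docId,
        var_export(canDownloadFlawed($user, $docId), true),
        var_export(canDownload($user, $docId), true));
}
```

The only row where the two checks disagree is a subscribed student requesting a document owned by another student, which is the case this CVE describes.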

In conclusion, the CVE-2023-34958 vulnerability poses a significant risk to the privacy of students using the Chamilo platform. It is essential for administrators of the affected LMS to apply the necessary updates or patches as soon as possible to prevent unauthorized access to sensitive data. As a student, you should ask system administrators to verify that their Chamilo installation is up to date and not vulnerable to this issue.

Don't forget to keep your software up-to-date, and stay safe!

Timeline:

Published on: 06/08/2023 19:15:00 UTC
Last modified on: 06/15/2023 17:30:00 UTC