Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD or (3) DELETE action to enrolments/step2.php.
Exploits (1)
References (1)
Core 1
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/8937
Scores
EPSS
0.0020
EPSS Percentile
41.3%
Details
CWE
CWE-352
Status
published
Products (1)
campusvirtualcomputrade/campus_virtual-lms
Published
Jun 22, 2009
Tracked Since
Feb 18, 2026