CVE-2020-23127

HIGH

Chamilo LMS 1.11.10 - Cross-Site Request Forgery via edit_user Function

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-23127. PoCs published by patrickhalasik.

AI-analyzed exploit summary This repository contains a proof-of-concept for CVE-2020-23127, demonstrating a CSRF vulnerability. It uses Docker to set up a vulnerable environment and shows how an attacker can change a user's role via a crafted POST request.

Description

Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.

Exploits (1)

nomisec WORKING POC
by patrickhalasik · poc
https://github.com/patrickhalasik/cve-2020-23127-PoC

This repository contains a proof-of-concept for CVE-2020-23127, demonstrating a CSRF vulnerability. It uses Docker to set up a vulnerable environment and shows how an attacker can change a user's role via a crafted POST request.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Unknown (CSRF vulnerability in a web application)
Auth required
Prerequisites: Docker installed · Files from the repository (compose.yaml, dump.sql, dump-updated.sql)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Scores

CVSS v3 8.8
EPSS 0.0078
EPSS Percentile 51.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
chamilo/chamilo_lms 1.11.10
Published May 06, 2021
Tracked Since Feb 18, 2026