CVE-2020-23127
HIGH
Chamilo LMS 1.11.10 - Cross-Site Request Forgery via edit_user Function
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-23127. PoCs published by patrickhalasik.
AI-analyzed exploit summary
This repository contains a proof-of-concept for CVE-2020-23127, demonstrating a CSRF vulnerability. It uses Docker to set up a vulnerable environment and shows how an attacker can change a user's role via a crafted POST request.
Description
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
Exploits (1)
nomisec
WORKING POC
by patrickhalasik · poc
https://github.com/patrickhalasik/cve-2020-23127-PoC
Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target:
Unknown (CSRF vulnerability in a web application)
Auth required
Prerequisites:
Docker installed · Files from the repository (compose.yaml, dump.sql, dump-updated.sql)
devstral-2 · analyzed Feb 16, 2026
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://toandak.blogspot.com/2020/05/csrf-vulnerbility-in-chamilo-lms.html
Patch, Vendor Advisory x_refsource_confirm
https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-41-2020-04-22-Medium-risk-high-impact-CSRF-and-privilege-escalation-via-CSRF
Scores
CVSS v3
8.8
EPSS
0.0078
EPSS Percentile
51.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
chamilo/chamilo_lms
1.11.10
Published
May 06, 2021
Tracked Since
Feb 18, 2026