CVE-2021-40662
HIGH
Chamilo LMS 1.11.14 - Cross-Site Request Forgery leading to Remote Code Execution
Title source: llm
Description
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL.
References (3)
Core References
Patch, Vendor Advisory x_refsource_misc
https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-83-2021-08-11-High-impact-Moderate-risk-Cross-Site-Request-Forgery-CSRF-leading-to-Remote-Code-Execution
Exploit, Third Party Advisory x_refsource_misc
https://febin0x4e4a.wordpress.com/2022/03/22/cve-2021-40662-chamilo-lms-1-11-14-rce/
Exploit, Third Party Advisory x_refsource_misc
https://febinj.medium.com/cve-2021-40662-chamilo-lms-1-11-14-rce-5301bad245d7
Scores
CVSS v3
8.8
EPSS
0.0108
EPSS Percentile
61.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
chamilo/chamilo
1.11.14
Published
Mar 21, 2022
Tracked Since
Feb 18, 2026