Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document’s ID.
CPE | Name | Operator | Version |
---|---|---|---|
chamilo_lms | ge | 1.11.0 | |
chamilo_lms | le | 1.11.18 |