2 matches found
CVE-2019-1000017
Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticketid=ticket...
CVE-2019-1000017
Chamilo LMS (Chamilo-lms) versions 1.11.8 and earlier are affected by an Incorrect Access Control vulnerability in the Tickets component. An authenticated user can read all tickets on the platform due to missing access restrictions, exploitable via the ticket_id parameter. The issue has been fixe...