4 matches found
CVE-2025-52469 Chamilo: Friend Request Workflow Bypass - Unauthorized Friend Addition and ID Validation Bypass
Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint. The attacker can bypass the normal fl...
CVE-2025-52469 Chamilo: Friend Request Workflow Bypass - Unauthorized Friend Addition and ID Validation Bypass
Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint. The attacker can bypass the normal fl...
Chamilo 安全漏洞
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 contained security vulnerabilities. These vulnerabilities stemmed from logical flaws in the friend request workflow of the social networking module, which could allow authenticated user...
CVE-2021-22449
There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device...