Improper access control

Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticketid=ticket...

CVE-2019-1000017

Chamilo LMS (Chamilo-lms) versions 1.11.8 and earlier are affected by an Incorrect Access Control vulnerability in the Tickets component. An authenticated user can read all tickets on the platform due to missing access restrictions, exploitable via the ticket_id parameter. The issue has been fixe...

CVE-2019-1000017

Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticketid=ticket...

JSP Tickets SQL Injection Vulnerability in Joomla!

Joomla! is the U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds, site search and other functions . JSP Tickets component is used in which a set of ticket system components. A SQL injection vulnerability exists in version 1.1...