CVE-2024-30619

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published: Nov 4, 2024
Updated: Nov 5, 2024

Summary

CVE-2024-30619 is an Incorrect Access Control vulnerability in Chamilo Learning Management System version 1.11.26. It allows unauthenticated attackers to access sensitive information: they can retrieve the number of messages and the number of online users by requesting the "/main/inc/ajax/message.ajax.php?a=get_count_message" and "/main/inc/ajax/online.ajax.php?a=get_users_online" endpoints without proper authorization. The consequence is information disclosure, potentially leading to further attacks. System administrators should update their Chamilo LMS installations promptly to mitigate this risk.
