CVE-2023-39061
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk17th percentile — higher than 17% of all known CVEs
Summary
A CSRF vulnerability in Chamilo versions 1.11 through 1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code. The flaw stems from insufficient cross-site request forgery protections.
Risk Assessment
The organization risks system takeover by a privileged user, potentially leading to data theft, content modification, or complete compromise of the e-learning platform's integrity.
Recommendation
Immediately upgrade Chamilo to version 1.11.21 or later, which includes a fix for the CSRF vulnerability. Additionally, implement CSRF tokens and Origin header validation as defense-in-depth measures.
Original NVD description (English source)
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.

