CVE-2021-40662

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in Chamilo LMS allows attackers to trick authenticated users into executing arbitrary commands on the server by clicking a malicious link. It affects Chamilo LMS administrators and users with sufficient privileges, potentially leading to full system compromise.

💻 Affected Systems

Products:
  • Chamilo LMS
Versions: 1.11.14 and potentially earlier versions
Operating Systems: All platforms running Chamilo LMS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the user to interact with a malicious link while authenticated to Chamilo LMS

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system takeover through remote code execution, data theft, malware deployment, and lateral movement within the network.

🟠

Likely Case

Unauthorized command execution leading to data exfiltration, account compromise, or service disruption.

🟢

If Mitigated

Limited impact with proper CSRF protections, network segmentation, and least privilege principles in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

The exploit requires the user to click a crafted URL while authenticated; a public proof-of-concept demonstrates RCE capability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.11.15 and later

Vendor Advisory: https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-83-2021-08-11-High-impact-Moderate-risk-Cross-Site-Request-Forgery-CSRF-leading-to-Remote-Code-Execution

Restart Required: No

Instructions:

1. Back up your Chamilo installation and database.
2. Download Chamilo LMS 1.11.15 or later from official sources.
3. Replace the affected files with the patched versions.
4. Verify installation integrity.

🔧 Temporary Workarounds

CSRF Token Implementation (applies to: all)

Add CSRF tokens to all state-changing requests.

SameSite Cookie Attribute (applies to: all)

Set the SameSite=Strict attribute on session cookies:

Set-Cookie: session=value; SameSite=Strict; Secure; HttpOnly
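The two workarounds above, shown together as an added Python example (not Chamilo's own code, which is PHP): a per-session CSRF token derived with an HMAC and checked in constant time, an Origin/Referer check that rejects state-changing requests from another site, and the hardened Set-Cookie line. The secret, the host name and the strict policy of rejecting requests that carry neither Origin nor Referer are assumptions for the example.

```python
import hmac
import hashlib
from typing import Optional
from urllib.parse import urlsplit

# Constructed secret for this example only; a real deployment reads it from configuration.
SERVER_SECRET = b"constructed-secret-for-example-only"


def issue_csrf_token(session_id: str) -> str:
    """Derive a per-session CSRF token from the session id and a server secret.

    Binding the token to the session means a token captured from one session
    is useless against another, and nothing extra has to be stored server-side.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(session_id: str, submitted: Optional[str]) -> bool:
    """Constant-time comparison of the submitted token against the session's token."""
    if not submitted:
        return False
    return hmac.compare_digest(issue_csrf_token(session_id), submitted)


def origin_allowed(headers: dict, site_host: str) -> bool:
    """Reject state-changing requests whose Origin (or, failing that, Referer) is another site.

    Assumption: a request with neither header is refused outright, which is the
    strict choice for admin actions and matches the "POST without Referer" indicator.
    """
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    return urlsplit(source).hostname == site_host


def accept_state_change(session_id: str, form: dict, headers: dict, site_host: str) -> bool:
    """Both defences must pass before a state-changing request is acted on."""
    return origin_allowed(headers, site_host) and csrf_token_valid(session_id, form.get("csrf_token"))


def session_cookie_header(value: str) -> str:
    """The Set-Cookie line from the workaround: SameSite=Strict keeps the browser from
    attaching the session cookie to cross-site requests at all."""
    return f"Set-Cookie: session={value}; SameSite=Strict; Secure; HttpOnly"


if __name__ == "__main__":
    token = issue_csrf_token("sess-1")
    print(accept_state_change("sess-1", {"csrf_token": token},
                              {"Origin": "https://lms.example.test"}, "lms.example.test"))   # True
    print(accept_state_change("sess-1", {"csrf_token": token},
                              {"Referer": "https://other-site.example/lure.html"}, "lms.example.test"))  # False
    print(session_cookie_header("abc"))
```

The two checks are complementary: the token defends against a forged form even when an old browser ignores SameSite, and the Origin check catches a request that somehow carries a leaked token but comes from another site.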

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF attempts
  • Restrict network access to Chamilo LMS to trusted IP ranges only

🔍 How to Verify

Check if Vulnerable:

Check the Chamilo version via the admin panel or by examining the version files in the installation directory

Check Version:

Check /main/inc/conf/configuration.php or admin panel version display

Verify Fix Applied:

Verify installation of Chamilo 1.11.15 or later and test CSRF protections on form submissions

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to admin endpoints without a Referer header, or with a Referer from another site
  • Multiple failed CSRF token validations
  • Unexpected command execution in system logs

Network Indicators:

  • Outbound connections to suspicious IPs following Chamilo access
  • Unusual traffic patterns from Chamilo server

SIEM Query:

source="chamilo_logs" AND (event="csrf_failure" OR event="unauthorized_command")
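The first log indicator above, turned into a small detection script as an added Python example (not part of the advisory or of Chamilo): it parses web-server access logs in the common "combined" format and flags state-changing requests to admin endpoints that arrive with no Referer or with a Referer from another host. The log lines are constructed for the example, and the `/main/admin/` prefix and the site host name are assumptions to adjust for a real deployment.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" format:
# client ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines; none of this is real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [11/Aug/2021:10:00:01 +0000] "GET /main/admin/index.php HTTP/1.1" 200 5120 "https://lms.example.test/index.php" "Mozilla/5.0"
203.0.113.10 - - [11/Aug/2021:10:00:05 +0000] "POST /main/admin/settings.php HTTP/1.1" 302 0 "https://lms.example.test/main/admin/settings.php" "Mozilla/5.0"
203.0.113.44 - - [11/Aug/2021:10:01:13 +0000] "POST /main/admin/settings.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.44 - - [11/Aug/2021:10:01:20 +0000] "POST /main/admin/configure_plugin.php?name=x HTTP/1.1" 200 310 "https://other-site.example/lure.html" "Mozilla/5.0"
198.51.100.7 - - [11/Aug/2021:10:02:00 +0000] "POST /main/auth/login.php HTTP/1.1" 302 0 "-" "curl/7.68.0"
"""

# Assumed admin path prefix for this example.
ADMIN_PREFIX = "/main/admin/"
STATE_CHANGING = ("POST", "PUT", "DELETE", "PATCH")


def parse_line(line):
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def is_suspicious(entry, site_host):
    """Flag a state-changing request to an admin endpoint whose Referer is absent
    ("-" in the log) or points at a different host than the site itself."""
    if entry["method"] not in STATE_CHANGING:
        return False
    if not entry["path"].startswith(ADMIN_PREFIX):
        return False
    referer = entry["referer"]
    if referer in ("", "-"):
        return True
    return urlsplit(referer).hostname != site_host


def find_suspicious(log_text, site_host):
    """Scan a whole log and return (client, time, path, referer) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_suspicious(entry, site_host):
            hits.append((entry["client"], entry["time"], entry["path"], entry["referer"]))
    return hits


if __name__ == "__main__":
    for client, when, path, referer in find_suspicious(SAMPLE_LOG, "lms.example.test"):
        print(f"{when} {client} {path} referer={referer!r}")
```

Run against the constructed log, only the two admin POSTs from 203.0.113.44 are reported: one with no Referer and one referred from another site. The login POST with no Referer is ignored because it is not an admin endpoint, which keeps the rule from alerting on ordinary clients such as API scripts that never send one.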

🔗 References
