CVE-2024-30616
📋 TL;DR
Chamilo LMS 1.11.26 has an incorrect access control vulnerability in the profile management component that allows non-admin users to manipulate sensitive profile information. This affects all Chamilo LMS installations running the vulnerable version, potentially compromising user data integrity and privacy.
💻 Affected Systems
- Chamilo LMS
📦 What is this software?
Chamilo LMS is an open-source, PHP-based learning management system maintained by the Chamilo Association. The affected component is the user profile editor, main/auth/profile.php.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could modify administrator profiles, escalate privileges, alter critical user data, or compromise the entire learning management system's integrity.
Likely Case
Authenticated non-admin users changing profile information they are not authorized to edit (for example fields the platform administrator has locked, or, if the check is fully absent, another user's record), including contact details and credentials.
If Mitigated
With proper access controls and monitoring, unauthorized modifications would be detected and prevented, limiting impact to minor data inconsistencies.
🎯 Exploit Status
Exploitation requires an authenticated (non-admin) account but minimal technical skill: the missing check is in the profile editing endpoint, main/auth/profile.php, so a crafted form submission to that page is enough. No public proof-of-concept is referenced by this page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in commit a1a1e4df70dc65ae4fc7857135f4d3ee185548e7
Vendor Advisory: https://github.com/chamilo/chamilo-lms/commit/a1a1e4df70dc65ae4fc7857135f4d3ee185548e7
Restart Required: No
Instructions:
1. Update to the latest Chamilo LMS 1.11.x release, or cherry-pick the fix commit into your deployment.
2. If a full update is not possible, replace the affected files with the patched versions from the official repository (the commit page lists exactly which files change); back up the originals first.
3. Verify that the profile access controls are now enforced (see "How to Verify" below).
🔧 Temporary Workarounds
Restrict profile endpoint access
Temporarily block the vulnerable main/auth/profile.php endpoint at the web server or WAF. Note that this stops every user, administrators included, from editing profiles through that page until the patch lands; if administrators must keep access, replace the deny with an IP allow-list for their network.
# For Apache: add to the vhost or main server configuration (<Location> is not permitted in .htaccess)
<Location "/main/auth/profile.php">
    Require all denied
</Location>
# Equivalent for a .htaccess file placed in main/auth/ (needs AllowOverride AuthConfig)
<Files "profile.php">
    Require all denied
</Files>
# For Nginx: add to the server block; the exact-match location takes precedence over the generic PHP handler
location = /main/auth/profile.php {
    deny all;
}
🧯 If You Can't Patch
- Review the platform's profile settings so that users may edit only the fields they genuinely need, and audit every profile change (who changed which field, old and new value) instead of trusting the endpoint to enforce the policy.
- Monitor and alert on unexpected profile changes by forwarding the web server and application logs to your SIEM; see "Detection & Monitoring" below.
🔍 How to Verify
Check if Vulnerable:
Check whether the installation runs Chamilo LMS 1.11.26. Then, with a non-admin test account, submit a change through main/auth/profile.php to a profile field that account is not allowed to edit and confirm whether the change is persisted; on a vulnerable system it is.
Check Version:
Check the Chamilo version in the administration panel's system information page, or look at the system_version entry in main/inc/conf/configuration.php.
Verify Fix Applied:
After patching, repeat the same test with a non-admin account and confirm that attempts to change restricted profile fields are rejected. If the code is deployed from git, also confirm that the fix commit is an ancestor of the deployed revision.
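The version and fix-commit checks above can be scripted. The following Python helper is an added example, not part of this advisory or of Chamilo: it reads the configured version out of a constructed configuration.php excerpt (the assumption being that 1.11.x stores it as $_configuration['system_version']), classifies it against the release this advisory names, and, for git-based deployments, asks git whether the fix commit is an ancestor of the deployed HEAD. It does not exercise the endpoint itself; the behavioural test with a non-admin account is still needed, since a file-level replacement leaves no commit to find.

```python
import re
import subprocess

FIX_COMMIT = "a1a1e4df70dc65ae4fc7857135f4d3ee185548e7"  # from the vendor advisory above
AFFECTED_VERSION = (1, 11, 26)  # the release this advisory names

# Constructed excerpt of main/inc/conf/configuration.php (not a real deployment).
# Assumption: Chamilo 1.11.x records the installed release as $_configuration['system_version'].
SAMPLE_CONFIGURATION_PHP = """<?php
$_configuration['root_web'] = 'https://lms.example/';
$_configuration['system_version'] = '1.11.26';
"""

VERSION_RE = re.compile(
    r"""\$_configuration\[\s*['"]system_version['"]\s*\]\s*=\s*['"]([^'"]+)['"]"""
)


def parse_system_version(configuration_php_text):
    """Return the version string from configuration.php, or None if not present."""
    m = VERSION_RE.search(configuration_php_text)
    return m.group(1).strip() if m else None


def version_tuple(version):
    """'1.11.26' -> (1, 11, 26); placeholders such as '1.11.x' give None."""
    parts = version.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def assess_version(configuration_php_text):
    """Classify an install from its configured version string."""
    version = parse_system_version(configuration_php_text)
    parsed = version_tuple(version) if version else None
    if parsed is None:
        return "unknown", version
    if parsed == AFFECTED_VERSION:
        return "vulnerable", version
    if parsed < AFFECTED_VERSION:
        # Older releases are not named by the advisory; treat as vulnerable until checked.
        return "review", version
    return "likely_fixed", version  # still confirm the fix commit is actually deployed


def fix_commit_present(repo_dir):
    """True/False when repo_dir is a git checkout and the fix commit is/isn't an
    ancestor of HEAD; None when this cannot be determined (no git, not a checkout,
    or the commit object is not known locally)."""
    try:
        r = subprocess.run(
            ["git", "-C", repo_dir, "merge-base", "--is-ancestor", FIX_COMMIT, "HEAD"],
            capture_output=True,
        )
    except (FileNotFoundError, OSError):
        return None
    if r.returncode == 0:
        return True
    if r.returncode == 1:
        return False
    return None  # e.g. exit 128: not a repository or unknown commit


if __name__ == "__main__":
    print(assess_version(SAMPLE_CONFIGURATION_PHP))
    print("fix commit in checkout:", fix_commit_present("."))
```

Run it against the real configuration.php by reading the file into assess_version, and point fix_commit_present at the web root; a "likely_fixed" version together with fix_commit_present returning False means the release number was bumped without the patch actually being present.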
📡 Detection & Monitoring
Log Indicators:
- Profile modification attempts that are rejected by the application (after patching) or that change fields the platform settings mark as not editable (before patching)
- POST requests to main/auth/profile.php from non-admin users; every user views and edits their own profile through this page, so treat this as an audit trail to review against the fields that changed, not as proof of attack on its own
- Unexpected profile data changes, in particular to email addresses, usernames or passwords of accounts other than the one logged in
Network Indicators:
- HTTP POST requests to /main/auth/profile.php from non-admin accounts; the web server access log carries no account identity, so correlate client IP and time with the application's login records to attribute the request
- Unusual profile update patterns
SIEM Query:
source="chamilo_logs" AND uri_path="/main/auth/profile.php" AND http_method="POST" AND user_role!="admin"
(The field names are placeholders; map them to your own log schema. A web server log alone has no user_role field, so the query presupposes that the application's login records have been joined in.)
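The indicators above need each profile POST attributed to a user and a role, which a raw web server access log does not carry. The following Python script is an added example, not part of this advisory or of Chamilo: it parses constructed Apache combined-format log lines, attributes each POST to main/auth/profile.php to a login session from a constructed session table (in a real deployment this would be built from Chamilo's login tracking and admin tables; the shape of that table here is an assumption), and raises the indicators the page lists: non-admin profile POSTs, bursts of POSTs from one account, and POSTs from clients with no known session.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Apache combined-format access log lines (not real traffic).
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [02/Apr/2024:10:01:12 +0000] "GET /main/auth/profile.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [02/Apr/2024:10:01:30 +0000] "POST /main/auth/profile.php HTTP/1.1" 302 0 "https://lms.example/main/auth/profile.php" "Mozilla/5.0"
10.0.0.9 - - [02/Apr/2024:10:02:01 +0000] "POST /main/auth/profile.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
10.0.0.9 - - [02/Apr/2024:10:02:03 +0000] "POST /main/auth/profile.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
10.0.0.9 - - [02/Apr/2024:10:02:05 +0000] "POST /main/auth/profile.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
10.0.0.7 - - [02/Apr/2024:10:03:00 +0000] "POST /main/auth/profile.php?x=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.42 - - [02/Apr/2024:10:05:00 +0000] "POST /main/auth/profile.php HTTP/1.1" 302 0 "-" "curl/8.4.0"
"""

# Constructed login sessions: (client IP, login time, logout time or None, username, is_platform_admin).
# Assumption: in a real deployment these rows come from Chamilo's login tracking joined to its admin table.
SAMPLE_SESSIONS = [
    ("10.0.0.5", "2024-04-02T09:55:00+00:00", "2024-04-02T10:30:00+00:00", "student1", False),
    ("10.0.0.9", "2024-04-02T10:00:00+00:00", None, "student2", False),
    ("10.0.0.7", "2024-04-02T09:00:00+00:00", "2024-04-02T11:00:00+00:00", "platformadmin", True),
]

PROFILE_PATH = "/main/auth/profile.php"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_access_log(text):
    """Yield (ip, timestamp, method, path, status) for each well-formed request line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip anything that is not a combined-format request line
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]  # drop the query string before matching
        yield m["ip"], ts, m["method"], path, int(m["status"])


def attribute(ip, ts, sessions):
    """Return (username, is_admin) for the session active from ip at ts, or None."""
    for sess_ip, login, logout, user, is_admin in sessions:
        if sess_ip != ip:
            continue
        start = datetime.fromisoformat(login)
        end = datetime.fromisoformat(logout) if logout else None
        if start <= ts and (end is None or ts <= end):
            return user, is_admin
    return None


def analyze(log_text, sessions, burst_window=timedelta(seconds=60), burst_threshold=3):
    """Return (events, alerts): every profile POST, and the indicators raised on them."""
    events, alerts = [], []
    posts_by_user = defaultdict(list)
    for ip, ts, method, path, status in parse_access_log(log_text):
        if method != "POST" or path != PROFILE_PATH:
            continue  # only profile updates matter here
        who = attribute(ip, ts, sessions)
        user, is_admin = who if who else (None, None)
        events.append({"ip": ip, "ts": ts, "status": status, "user": user, "is_admin": is_admin})
        if user is None:
            alerts.append(("unattributed_post", None, ip, ts))
        elif not is_admin:
            # Ordinary users also edit their own profile here, so this is an audit
            # signal to be reviewed against the fields that actually changed.
            alerts.append(("non_admin_profile_post", user, ip, ts))
            posts_by_user[user].append(ts)
    # A scripted attacker tends to hammer the endpoint: flag N posts inside the window.
    for user, times in posts_by_user.items():
        times.sort()
        for i in range(len(times) - burst_threshold + 1):
            if times[i + burst_threshold - 1] - times[i] <= burst_window:
                alerts.append(("burst", user, None, times[i]))
                break
    return events, alerts


if __name__ == "__main__":
    _, found = analyze(SAMPLE_ACCESS_LOG, SAMPLE_SESSIONS)
    for kind, user, ip, ts in found:
        print(f"{ts.isoformat()} {kind:24} user={user} ip={ip}")
```

On the sample data the burst rule singles out the scripted account, the admin's own profile edit produces no alert, and the client with no session at all is reported separately, which is the case worth looking at first since it may mean a session table gap or a request that bypassed login.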