Hi Team,

#Affected Vendor: http://lcms.chamilo.org/
#Date: 27/03/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: XSRF
#Tested on: Windows 7
#Product: LCMS Connect
#Version: 4.1
#Description: Chamilo is an open-source (under GNU/GPL licensing) e-learning and content management system, aimed at improving access to education and knowledge globally. Chamilo LCMS is a completely new software platform for e-learning and collaboration. The application is vulnerable to XSRF attacks. If an attacker is able to lure a user into clicking a crafted link, or embeds such a link within web pages, he could control the user's actions.

#Proof of Concept (PoC):
------------------------------------
--
Regards,
*Joel V*