Skip to main content

Learning Management System CVE-2023-40607

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2023-10-06 audit@patchstack.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 06, 2023 - 15:15 nvd
HIGH 8.8

DescriptionNVD

Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions.

AnalysisAI

Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions. Affected products include: Cluevo Learning Management System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2024-37870 CRITICAL POC
9.8 Jul 09

SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows

CVE-2021-25200 CRITICAL POC
9.8 Jul 30

Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbit

CVE-2024-37840 HIGH POC
8.8 Jun 17

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Co

CVE-2021-25201 HIGH POC
7.5 Jul 23

SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL stateme

CVE-2024-5519 MEDIUM POC
6.9 May 30

A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. Rated me

CVE-2024-5588 MEDIUM POC
5.3 Jun 02

A vulnerability was found in itsourcecode Learning Management System 1.0. Rated medium severity (CVSS 5.3), this vulnera

CVE-2018-16971 MEDIUM POC
4.3 Sep 12

Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-pu

CVE-2018-16970 MEDIUM POC
4.3 Sep 12

Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-

CVE-2024-8001 MEDIUM
6.9 Nov 13

A vulnerability was found in VIWIS LMS 9.11. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitabl

CVE-2026-12789 LOW
2.0 Jun 21

SQL injection in ILIAS Learning Management System 11.0 allows a remote, high-privileged attacker to manipulate database

Share

CVE-2023-40607 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy