PT-2023-25204 · Unknown · Chamilo Lms

Creastery

Publicado

2023-11-28

Atualizado

2023-12-05

CVE-2023-3533

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.20

Description The issue concerns a path traversal vulnerability in the file upload functionality, specifically in the /main/webservices/additional webservices.php endpoint. This allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write.

Recommendations For versions prior to 1.11.20, update to a version that contains a fix for this issue to prevent path traversal and subsequent remote code execution. As a temporary workaround, consider restricting access to the /main/webservices/additional webservices.php endpoint to minimize the risk of exploitation.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2023-3533

Produtos afetados

Chamilo Lms

PT-2023-25204 · Unknown · Chamilo Lms

CVE-2023-3533

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5