CVE-2019-13082

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions 1.11.8 and 2.x

Description The issue allows remote code execution through an unauthenticated file upload feature in lp upload.php. It extracts a ZIP archive before checking its content, and once extracted, does not check files in a recursive way. This enables an attacker to upload a .php file by placing it in a folder within a ZIP archive. The server accepts this file without checks, allowing access to it from the website and resulting in remote code execution. This is related to a scorm imsmanifest.xml file, the import package function, and extraction in $courseSysDir.$newDir.

Recommendations For Chamilo LMS version 1.11.8, consider disabling the lp upload.php file upload feature until a patch is available. For Chamilo LMS version 2.x, restrict access to the import package function to minimize the risk of exploitation.