PT-2021-20907 · Unknown · Chamilo LMS
Published: 2021-12-03 · Updated: 2022-07-12
CVE-2021-35413
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Chamilo LMS version v1.11.x
Description:
A remote code execution (RCE) vulnerability in the course_intro_pdf_import.php file allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.
Recommendations:
For version v1.11.x, consider disabling access to the course_intro_pdf_import.php file until a patch is available. Restrict the ability to upload or modify .htaccess files to prevent exploitation.
Exploit
Fix
RCE
Missing Authorization
Affected Products
Chamilo LMS