CVE-2023-3545

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.20

Description The issue is related to improper sanitisation in the main/inc/lib/fileUpload.lib.php file, which allows unauthenticated attackers to bypass file upload security protections. This can lead to remote code execution via the uploading of a .htaccess file. The vulnerability may be exploited by privileged attackers or chained with other vulnerabilities to achieve remote code execution.

Recommendations For versions prior to 1.11.20, update to a version that contains a fix for this issue to prevent remote code execution. As a temporary workaround, consider restricting access to the fileUpload.lib.php file or disabling the file upload functionality until a patch is available.