CVE-2023-4220

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.24

Description The issue allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell, specifically through the big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php. This has been exploited in real-world incidents, such as the PermX machine on HackTheBox, where attackers used subdomain enumeration to discover a vulnerable Chamilo LMS instance, and then abused a bash script with sudo privileges to gain root access.

Recommendations For versions prior to 1.11.24, update to version 1.11.24 or later to resolve the issue. As a temporary workaround, consider disabling the big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php until a patch is available. Restrict access to the /main/inc/lib/javascript/bigupload/inc/bigUpload.php file to minimize the risk of exploitation. Avoid using the big file upload functionality until the issue is resolved.