PT-2023-28299 · Unknown · Chamilo Lms
Creastery
+1
·
Published
2023-11-28
·
Updated
2023-11-30
·
CVE-2023-4225
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Chamilo LMS versions prior to 1.11.24
Description
The issue concerns an unrestricted file upload in the
/main/inc/ajax/exercise.ajax.php endpoint, allowing authenticated attackers with a learner role to achieve remote code execution by uploading PHP files.Recommendations
For versions prior to 1.11.24, update to a version that contains a fix for this issue to prevent remote code execution via unrestricted file uploads.
Exploit
Fix
RCE
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chamilo Lms