Remote Code Execution Vulnerability in Chamilo by Chamilo Foundation
CVE-2021-31933

7.2HIGH

Key Information:

Vendor

Chamilo

Status
Chamilo
Vendor
CVE Published:
30 April 2021

What is CVE-2021-31933?

A vulnerability exists in Chamilo LMS that allows an authenticated remote administrator to exploit improper input sanitization related to file uploads. The flaw occurs due to inadequate filtering of file extensions, enabling the upload of malicious files containing arbitrary PHP code. This security issue arises from the traversal of the main/inc/lib/fileUpload.lib.php directory, which can lead to unauthorized PHP code execution in specified directories. Administrators are highly urged to apply the relevant security updates to mitigate this risk.

References

https://support.chamilo.org/projects/1/wiki/Security_issu...
x_refsource_MISC
https://github.com/chamilo/chamilo-lms/commit/f65d065061a...
x_refsource_MISC
https://github.com/chamilo/chamilo-lms/commit/229302139e8...
x_refsource_MISC

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-31933 : Remote Code Execution Vulnerability in Chamilo by Chamilo Foundation