Zip Slip Vulnerability in Chamilo LMS by Chamilo Foundation
CVE-2022-40407

8.8HIGH

Key Information:

Vendor

Chamilo

Status
Chamilo
Vendor
CVE Published:
29 September 2022

What is CVE-2022-40407?

A zip slip vulnerability has been identified in the file upload functionality of Chamilo LMS v1.11. This flaw enables attackers to execute arbitrary code by exploiting crafted Zip files during upload. If successfully executed, this vulnerability can compromise the integrity of the system, allowing unauthorized access to sensitive data and potential system control. It is essential for users of Chamilo LMS to apply updates and patches to mitigate this security risk.

References

https://github.com/chamilo/chamilo-lms
x_refsource_MISC
https://support.chamilo.org/projects/chamilo-18/wiki/Secu...
x_refsource_CONFIRM
https://github.com/alexmackey/security-research/blob/main...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2022-40407 : Zip Slip Vulnerability in Chamilo LMS by Chamilo Foundation