Chamilo LMS Htaccess File Upload Security Bypass
CVE-2023-3545

9.8CRITICAL

Key Information:

Vendor

Chamilo

Status
Chamilo
Vendor
CVE Published:
28 November 2023

What is CVE-2023-3545?

An improper sanitisation flaw in the main/inc/lib/fileUpload.lib.php file of Chamilo LMS allows unauthenticated attackers to bypass security protocols designed to regulate file uploads. This vulnerability specifically affects installations on Windows and Apache, enabling malicious users to upload an .htaccess file, resulting in potential remote code execution. It can be exploited in conjunction with other vulnerabilities, like unauthenticated arbitrary file write issues, to escalate the attack and gain unauthorized access.

Affected Version(s)

Chamilo Windows 0 <= 1.11.20

References

https://support.chamilo.org/projects/chamilo-18/wiki/secu...
vendor-advisory
https://starlabs.sg/advisories/23/23-3545/
third-party-advisory
https://github.com/chamilo/chamilo-lms/commit/dc7bfce429f...
patch

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ngo Wei Lin (@Creastery) of STAR Labs SG Pte. Ltd. (@starlabs_sg)
.
CVE-2023-3545 : Chamilo LMS Htaccess File Upload Security Bypass