Chamilo LMS File Upload Functionality Remote Code Execution
CVE-2023-4225
8.8 HIGH
What is CVE-2023-4225?
Chamilo LMS has a vulnerability in the '/main/inc/ajax/exercise.ajax.php' script that allows authenticated users, specifically those with learner roles, to upload malicious PHP files. This unrestricted file upload can lead to remote code execution on the server. Users are encouraged to review the latest patches and updates to ensure their systems are protected.
Affected Version(s)
Chamilo: versions 0 through 1.11.24 (inclusive)
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Ngo Wei Lin (@Creastery) of STAR Labs SG Pte. Ltd. (@starlabs_sg)