Currently published 136 advisories.
(CVE-2023-4225) Chamilo LMS Exercise Ajax File Upload Functionality Remote Code Execution
Summary Product Chamilo Vendor Chamilo Severity High - Adversaries may exploit software vulnerabilities to obtain unauthenticated remote code execution. Affected Versions <= v1.11.24 Tested Versions v1.11.24 (latest version as of writing) CVE Identifier CVE-2023-4225 CVE Description Unrestricted file upload in /main/inc/ajax/exercise.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files....