(CVE-2023-3368) Chamilo LMS Unauthenticated Command Injection
November 28, 2023 · 5 min · Ngo Wei Lin (@Creastery)
(CVE-2023-3533) Chamilo LMS Unauthenticated Remote Code Execution via Arbitrary File Write
November 28, 2023 · 7 min · Ngo Wei Lin (@Creastery)
(CVE-2023-3545) Chamilo LMS Htaccess File Upload Security Bypass
November 28, 2023 · 4 min · Ngo Wei Lin (@Creastery)
(CVE-2023-4220) Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
November 28, 2023 · 4 min · Ngo Wei Lin (@Creastery)
(CVE-2023-4221) Chamilo LMS Learning Path PPT2LP OpenofficePresentation Command Injection
November 28, 2023 · 5 min · Ngo Wei Lin (@Creastery)
(CVE-2023-4222) Chamilo LMS Learning Path PPT2LP OpenofficeTextDocument Command Injection
November 28, 2023 · 5 min · Ngo Wei Lin (@Creastery)
(CVE-2023-4223) Chamilo LMS Document Ajax File Upload Functionality Remote Code Execution
November 28, 2023 · 5 min · Ngo Wei Lin (@Creastery)
(CVE-2023-4224) Chamilo LMS Dropbox Ajax File Upload Functionality Remote Code Execution
November 28, 2023 · 5 min · Ngo Wei Lin (@Creastery)
(CVE-2023-4225) Chamilo LMS Exercise Ajax File Upload Functionality Remote Code Execution
November 28, 2023 · 5 min · Ngo Wei Lin (@Creastery)
(CVE-2023-4226) Chamilo LMS Work Ajax File Upload Functionality Remote Code Execution
November 28, 2023 · 5 min · Ngo Wei Lin (@Creastery)
(CVE-2023-1713) Bitrix24 Remote Command Execution (RCE) via Insecure Temporary File Creation
November 1, 2023 · 9 min · Lam Jun Rong & Li Jiantao (@CurseRed)
(CVE-2023-1714) Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction
November 1, 2023 · 20 min · Lam Jun Rong & Li Jiantao (@CurseRed)
(CVE-2023-1715 & CVE-2023-1716) Bitrix24 Stored Cross-Site Scripting (XSS) via Improper Input Neutralization on Invoice Edit Page
November 1, 2023 · 9 min · Lam Jun Rong & Li Jiantao (@CurseRed)
(CVE-2023-1717) Bitrix24 Cross-Site Scripting (XSS) via Client-side Prototype Pollution
November 1, 2023 · 9 min · Lam Jun Rong & Li Jiantao (@CurseRed)
(CVE-2023-1718) Bitrix24 Denial-of-Service (DoS) via Improper File Stream Access
November 1, 2023 · 5 min · Lam Jun Rong & Li Jiantao (@CurseRed)
(CVE-2023-1719) Bitrix24 Insecure Global Variable Extraction
November 1, 2023 · 11 min · Lam Jun Rong & Li Jiantao (@CurseRed)
(CVE-2023-1720) Bitrix24 Stored Cross-Site Scripting (XSS) via File Upload
November 1, 2023 · 5 min · Lam Jun Rong & Li Jiantao (@CurseRed)