(CVE-2023-3533) Chamilo LMS Unauthenticated Remote Code Execution via Arbitrary File Write

Summary Product Chamilo Vendor Chamilo Severity High - Adversaries may exploit software vulnerabilities to obtain unauthenticated remote code execution. Affected Versions <= v1.11.20 Tested Versions v1.11.20 (latest version as of writing) CVE Identifier CVE-2023-3533 CVE Description Path traversal in file upload functionality in /main/webservices/additional_webservices.php in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write....

November 28, 2023 · 7 min · Ngo Wei Lin (@Creastery)

(CVE-2023-3545) Chamilo LMS Htaccess File Upload Security Bypass

Summary Product Chamilo Vendor Chamilo Severity High - Adversaries may exploit software vulnerabilities to obtain unauthenticated remote code execution. Affected Versions <= v1.11.20 Tested Versions v1.11.20 (latest version as of writing) CVE Identifier CVE-2023-3545 CVE Description Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of ....

November 28, 2023 · 4 min · Ngo Wei Lin (@Creastery)

(CVE-2023-4220) Chamilo LMS Unauthenticated Big Upload File Remote Code Execution

Summary Product Chamilo Vendor Chamilo Severity High - Adversaries may exploit software vulnerabilities to obtain unauthenticated remote code execution. Affected Versions <= v1.11.24 Tested Versions v1.11.24 (latest version as of writing) CVE Identifier CVE-2023-4220 CVE Description Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell....

November 28, 2023 · 4 min · Ngo Wei Lin (@Creastery)

(CVE-2023-4221) Chamilo LMS Learning Path PPT2LP OpenofficePresentation Command Injection

Summary Product Chamilo Vendor Chamilo Severity High - Adversaries may exploit software vulnerabilities to obtain unauthenticated remote code execution. Affected Versions <= v1.11.24 Tested Versions v1.11.24 (latest version as of writing) CVE Identifier CVE-2023-4221 CVE Description Command injection in main/lp/openoffice_presentation.class.php in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters....

November 28, 2023 · 5 min · Ngo Wei Lin (@Creastery)

(CVE-2023-4222) Chamilo LMS Learning Path PPT2LP OpenofficeTextDocument Command Injection

Summary Product Chamilo Vendor Chamilo Severity High - Adversaries may exploit software vulnerabilities to obtain unauthenticated remote code execution. Affected Versions <= v1.11.24 Tested Versions v1.11.24 (latest version as of writing) CVE Identifier CVE-2023-4222 CVE Description Command injection in main/lp/openoffice_text_document.class.php in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters....

November 28, 2023 · 5 min · Ngo Wei Lin (@Creastery)

(CVE-2023-4223) Chamilo LMS Document Ajax File Upload Functionality Remote Code Execution

Summary Product Chamilo Vendor Chamilo Severity High - Adversaries may exploit software vulnerabilities to obtain unauthenticated remote code execution. Affected Versions <= v1.11.24 Tested Versions v1.11.24 (latest version as of writing) CVE Identifier CVE-2023-4223 CVE Description Unrestricted file upload in /main/inc/ajax/document.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files....

November 28, 2023 · 5 min · Ngo Wei Lin (@Creastery)

(CVE-2023-4224) Chamilo LMS Dropbox Ajax File Upload Functionality Remote Code Execution

Summary Product Chamilo Vendor Chamilo Severity High - Adversaries may exploit software vulnerabilities to obtain unauthenticated remote code execution. Affected Versions <= v1.11.24 Tested Versions v1.11.24 (latest version as of writing) CVE Identifier CVE-2023-4224 CVE Description Unrestricted file upload in /main/inc/ajax/dropbox.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files....

November 28, 2023 · 5 min · Ngo Wei Lin (@Creastery)