(CVE-2023-4224) Chamilo LMS Dropbox Ajax File Upload Functionality Remote Code Execution

Summary
Product: Chamilo
Vendor: Chamilo
Severity: High - Adversaries may exploit software vulnerabilities to obtain unauthenticated remote code execution.
Affected Versions: <= v1.11.24
Tested Versions: v1.11.24 (latest version as of writing)
CVE Identifier: CVE-2023-4224
CVE Description: Unrestricted file upload in /main/inc/ajax/dropbox.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files....

November 28, 2023 · 5 min · Ngo Wei Lin (@Creastery)

(CVE-2023-4225) Chamilo LMS Exercise Ajax File Upload Functionality Remote Code Execution

Summary
Product: Chamilo
Vendor: Chamilo
Severity: High - Adversaries may exploit software vulnerabilities to obtain unauthenticated remote code execution.
Affected Versions: <= v1.11.24
Tested Versions: v1.11.24 (latest version as of writing)
CVE Identifier: CVE-2023-4225
CVE Description: Unrestricted file upload in /main/inc/ajax/exercise.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files....

November 28, 2023 · 5 min · Ngo Wei Lin (@Creastery)

(CVE-2023-4226) Chamilo LMS Work Ajax File Upload Functionality Remote Code Execution

Summary
Product: Chamilo
Vendor: Chamilo
Severity: High - Adversaries may exploit software vulnerabilities to obtain unauthenticated remote code execution.
Affected Versions: <= v1.11.24
Tested Versions: v1.11.24 (latest version as of writing)
CVE Identifier: CVE-2023-4226
CVE Description: Unrestricted file upload in /main/inc/ajax/work.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files....

November 28, 2023 · 5 min · Ngo Wei Lin (@Creastery)

(CVE-2023-1713) Bitrix24 Remote Command Execution (RCE) via Insecure Temporary File Creation

Summary
Product: Bitrix24
Vendor: Bitrix24
Severity: High
Affected Versions: Bitrix24 22.0.300 (latest version as of writing)
Tested Versions: Bitrix24 22.0.300 (latest version as of writing)
CVE Identifier: CVE-2023-1713
CVE Description: Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted “....

November 1, 2023 · 9 min · Lam Jun Rong & Li Jiantao (@CurseRed)

(CVE-2023-1714) Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction

Summary
Product: Bitrix24
Vendor: Bitrix24
Severity: High
Affected Versions: Bitrix24 22.0.300 (latest version as of writing)
Tested Versions: Bitrix24 22.0.300 (latest version as of writing)
CVE Identifier: CVE-2023-1714
CVE Description: Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization....

November 1, 2023 · 20 min · Lam Jun Rong & Li Jiantao (@CurseRed)

(CVE-2023-1715 & CVE-2023-1716) Bitrix24 Stored Cross-Site Scripting (XSS) via Improper Input Neutralization on Invoice Edit Page

Summary
Product: Bitrix24
Vendor: Bitrix24
Severity: Critical
Affected Versions: Bitrix24 22.0.300 (latest version as of writing)
Tested Versions: Bitrix24 22.0.300 (latest version as of writing)
CVE Identifier: CVE-2023-1715 & CVE-2023-1716
CVE Description (CVE-2023-1715): A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the beginning of the payload....

November 1, 2023 · 9 min · Lam Jun Rong & Li Jiantao (@CurseRed)

(CVE-2023-1717) Bitrix24 Cross-Site Scripting (XSS) via Client-side Prototype Pollution

Summary
Product: Bitrix24
Vendor: Bitrix24
Severity: Critical
Affected Versions: Bitrix24 22.0.300 (latest version as of writing)
Tested Versions: Bitrix24 22.0.300 (latest version as of writing)
CVE Identifier: CVE-2023-1717
CVE Description: Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via polluting __proto__[tag] and __proto__[text]....

November 1, 2023 · 9 min · Lam Jun Rong & Li Jiantao (@CurseRed)