Description
An unrestricted file upload in the big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution by uploading a web shell.
Remediation
References