Description
Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Wp Cookie Choice Cross-Site Request Forgery (1.1.0)
WordPress Plugin Custom Field Suite Cross-Site Request Forgery (2.5.15)
WordPress Plugin WP Inventory Manager Unspecified Vulnerability (1.8.1)
MongoDb Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6494)
PostgreSQL Improper Access Control Vulnerability (CVE-2016-7048)