Description

Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

Remediation

References

CVE-2023-4223

Related Vulnerabilities

WordPress Plugin Loco Translate Unspecified Vulnerability (2.5.4)

WordPress Plugin Candidate Application Form Arbitrary File Download (1.0)

WordPress Plugin Images to WebP Multiple Vulnerabilities (1.8)

WordPress Plugin Better WordPress reCAPTCHA (with no CAPTCHA reCAPTCHA) Cross-Site Scripting (2.0.3)

WordPress Plugin Slack-Chat Information Disclosure (1.5.5)

Severity

High

Classification

CVE-2023-4223 CWE-434 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities