Description
Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with the learner role to obtain remote code execution by uploading PHP files.
Remediation
References