Description
Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with the learner role to obtain remote code execution by uploading PHP files.
Remediation
References