|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-04-02 | |
| Rule Name: | Chamilo LMS 1.11.24 Remote Code Execution Vulnerability (CVE-2023-4220) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Chamilo LMS is an open-source online learning and collaboration system developed by the Chamilo Association. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS up to and including v1.11.24 have a security vulnerability. This vulnerability arises because the page “/main/inc/lib/javascript/bigupload/inc/bigUpload.php” contains an unrestricted file upload feature for large files. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch:https://github.com/chamilo/chamilo-lms/wiki#Issue-130-2023-09-04-Critical-impact-High-risk-Unauthenticated-users-may-gain-XSS-and-unauthenticated-RCE-CVE-2023-4220 |