Vulnerability Details : CVE-2023-4220
Public exploit exists!
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Vulnerability category: Cross site scripting (XSS); Execute code
Products affected by CVE-2023-4220
- cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4220
- EPSS score: 94.50% (probability of exploitation activity in the next 30 days)
- EPSS Score History
- Percentile: ~99% (the proportion of vulnerabilities that are scored at or below this one)
Metasploit modules for CVE-2023-4220
- Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
  - Disclosure Date: 2023-11-28
  - First seen: 2024-12-06
  - Module: exploit/linux/http/chamilo_bigupload_webshell
  - Description: Chamilo LMS is a free software e-learning and content management system. In versions prior to <= v1.11.24 a webshell can be uploaded via the bigload.php endpoint. If the GET request parameter `action` is set to `post-unsupported` file extension checks are skipped allow
CVSS scores for CVE-2023-4220
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | STAR Labs SG Pte. Ltd. | |
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
CWE ids for CVE-2023-4220
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by:
  - info@starlabs.sg (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2023-4220
- https://github.com/chamilo/chamilo-lms/commit/3b487a55076fb06f96809b790a35dcdd42f8ec49
  Security: BigUpload: Remove unused method to upload file · chamilo/chamilo-lms@3b487a5 · GitHub (Patch)
- https://starlabs.sg/advisories/23/23-4220
  (CVE-2023-4220) Chamilo LMS Unauthenticated Big Upload File Remote Code Execution | STAR Labs (Exploit; Third Party Advisory)
- https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-130-2023-09-04-Critical-impact-High-risk-Unauthenticated-users-may-gain-XSS-and-unauthenticated-RCE-CVE-2023-4220
  Security issues - Chamilo LMS - Chamilo Tracking System (Issue Tracking; Vendor Advisory)