Vulnerability Details : CVE-2023-4225
Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Vulnerability category: Execute code
Products affected by CVE-2023-4225
- cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4225
- 0.45%: Probability of exploitation activity in the next 30 days
- ~75%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-4225
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | STAR Labs SG Pte. Ltd. | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2023-4225
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
  Assigned by:
  - info@starlabs.sg (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2023-4225
- https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f
  Security: Add redirect to .htaccess to avoid direct access to biguplo… · chamilo/chamilo-lms@e864127 · GitHub (Patch)
- https://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a
  Security: Sanitize file name when uploading chunks with bigUpload (2) · chamilo/chamilo-lms@f3d62b6 · GitHub (Patch)
- https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4
  System: Security: Add header rule to avoid MIME-sniffing · chamilo/chamilo-lms@6f32625 · GitHub (Patch)
- https://starlabs.sg/advisories/23/23-4225
  (CVE-2023-4225) Chamilo LMS Exercise Ajax File Upload Functionality Remote Code Execution | STAR Labs (Exploit; Third Party Advisory)
- https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226
  Security issues - Chamilo LMS - Chamilo Tracking System (Issue Tracking; Vendor Advisory)