Home > Vulnerability Database > CVE-2023-4225

Mend.io Vulnerability Database

CVE-2023-4225

Good to know:

Date: November 28, 2023

Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

Language: PHP

Severity Score

8.8

Related Resources (7)

Url: https://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a

Url: https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226

Url: https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4

Url: https://starlabs.sg/advisories/23/23-4225

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-4225

Url: https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f

Url: https://www.mend.io/vulnerability-database/CVE-2023-4225

Severity Score

8.8

Weakness Type (CWE)

Unrestricted Upload of File with Dangerous Type

CWE-434

Top Fix

Upgrade Version

Upgrade to version v1.11.26

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-4225

Good to know:

Date: November 28, 2023

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?