Arbitrary file upload in Chamilo LMS

#VU83576 Arbitrary file upload in Chamilo LMS

Published: 2023-11-29

Vulnerability identifier: #VU83576

Vulnerability risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4226

CWE-ID: CWE-434

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Chamilo LMS
Client/Desktop applications / Other client software

Vendor: Chamilo

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload in the /main/inc/ajax/work.ajax.php script. A remote user can upload a malicious file and execute it on the server.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Chamilo LMS: 1.11.0 - 1.11.24

External links
http://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226
http://starlabs.sg/advisories/23/23-4226
http://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4
http://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a
http://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Chamilo LMS