WEB Chamilo LMS bigUpload.php unauthenticated Arbitrary File Upload RCE (CVE-2023-4220)

Rule ID

1235377

Severity

Medium

Description

Unrestricted file upload in the big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution by uploading a web shell.

Impact

Remote code execution

Recommendation

Apply the vendor's patch.

IPS Category

Web threats

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

Keywords

N/A

Date Created

2024/07/23

Last Updated

2025/02/26
