Vulnerability feed

Vulnerability

CVE-2023-4220

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-4220
Description:: Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Last updated date:: 12/04/2023

Type:: exploit
Confidence:: HIGH
Date of publishing:: 12/04/2023
Reference url to background: https://starlabs.sg/advisories/23/23-4220

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/07/2024
Reference url to background: https://github.com/m3m0o/chamilo-lms-unauthenticated-big-upload-rce-poc

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/08/2024
Reference url to background: https://github.com/insomnia-jacob/CVE-2023-4220

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/08/2024
Reference url to background: https://github.com/Ziad-Sakr/Chamilo-CVE-2023-4220-Exploit

Type:: exploit
Confidence:: HIGH
Date of publishing:: 11/14/2024
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/chamilo_bigupload_webshell.rb

Vulnerability Feed Contributors About Blog

@inTheWild

©2025 |