CVE-2023-4225

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 28, 2023
Updated: Nov 30, 2023
CWE ID 434

Summary

CVE-2023-4225 is a critical vulnerability affecting Chamilo Learning Management System (LMS) versions prior to 1.11.24. An authenticated attacker with the learner role can exploit an unrestricted file upload vulnerability in `/main/inc/ajax/exercise.ajax.php` to upload PHP files and execute remote code. This issue poses a significant risk, as it allows unauthorized code execution and potential data breaches. Attackers could use this vulnerability to gain administrative access, steal sensitive information, or launch further attacks on the affected system. It is strongly recommended that users of Chamilo LMS upgrade to a patched version as soon as possible to mitigate this risk.
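For triage, the two facts in the summary (the fixed release and the endpoint path) can be turned into a version check and an access-log review. The sketch below is an added example, not code from Chamilo or from this advisory's publisher; it assumes Combined Log Format, and the sample log lines, IP addresses and the `a=placeholder` query string are constructed. A POST to the endpoint is a lead for review, not proof of an upload.

```python
import re
from collections import Counter

ENDPOINT = "/main/inc/ajax/exercise.ajax.php"  # path named in the advisory
FIXED = (1, 11, 24)                            # first patched release per the advisory

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def is_affected(version: str) -> bool:
    """True when a Chamilo version string is earlier than 1.11.24.

    Compares numerically, so "1.11.8" sorts before "1.11.24" (a plain
    string comparison would get that wrong).
    """
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    parts += (0,) * (3 - len(parts))
    return parts < FIXED

def endpoint_posts(lines):
    """Return (ip, time, status) for every POST to the endpoint."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, when, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        # endswith() also matches installs under a sub-directory such as /lms/
        if method == "POST" and path.endswith(ENDPOINT):
            hits.append((ip, when, int(status)))
    return hits

def posts_per_client(lines):
    """Count endpoint POSTs per client IP to decide which sessions to review first."""
    return Counter(ip for ip, _, _ in endpoint_posts(lines))

# Constructed sample log lines (documentation IP ranges, placeholder query string).
SAMPLE = [
    '198.51.100.7 - - [29/Nov/2023:10:01:02 +0000] "POST /main/inc/ajax/exercise.ajax.php?a=placeholder HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [29/Nov/2023:10:01:05 +0000] "POST /lms/main/inc/ajax/exercise.ajax.php HTTP/1.1" 200 87 "-" "-"',
    '192.0.2.10 - - [29/Nov/2023:10:02:00 +0000] "GET /main/inc/ajax/exercise.ajax.php?a=placeholder HTTP/1.1" 200 300 "-" "-"',
    '192.0.2.10 - - [29/Nov/2023:10:03:00 +0000] "POST /index.php HTTP/1.1" 302 0 "-" "-"',
]

if __name__ == "__main__":
    print("1.11.8 affected:", is_affected("1.11.8"))
    for ip, count in posts_per_client(SAMPLE).items():
        print(ip, count)
```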
