CVE-2023-4225
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-4225 is a high-severity vulnerability affecting Chamilo Learning Management System (LMS) versions prior to 1.11.24. An authenticated attacker with the learner role can exploit an unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` to upload PHP files and execute code remotely. The issue poses a significant risk because it allows unauthorized code execution and potential data breaches: attackers could use it to gain administrative access, steal sensitive information, or launch further attacks on the affected system. Users of Chamilo LMS are strongly recommended to upgrade to a patched version as soon as possible to mitigate this risk.
Affected Products
- Chamilo LMS
Affected Vendors
- Chamilo