Security Advisory

CVE-2023-4220

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-11-28 07:11:47

Last updated 2024-08-02 07:17:12

Assigner STAR_Labs

State PUBLISHED

Description

Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.

← Browse all CVEs View on cve.org ↗