Security Advisory

CVE-2023-4225

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-11-28 07:22:04

Last updated 2025-06-05 13:54:07

Assigner STAR_Labs

State PUBLISHED

Description

Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

← Browse all CVEs View on cve.org ↗