Security Advisory

CVE-2023-4226

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-11-28 07:21:40

Last updated 2024-08-02 07:17:12

Assigner STAR_Labs

State PUBLISHED

Description

Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

← Browse all CVEs View on cve.org ↗