Security Advisory

CVE-2023-4223

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-11-28 07:18:16

Last updated 2024-12-02 19:31:06

Assigner STAR_Labs

State PUBLISHED

Description

Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

← Browse all CVEs View on cve.org ↗