CVE-2023-4224

Publication date

2023-11-28 07:19:31

Family

STAR_Labs

State

PUBLISHED

Description

Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.