VYPR
Unrated severityNVD Advisory· Published Nov 28, 2023· Updated Aug 2, 2024

Chamilo LMS Htaccess File Upload Security Bypass

CVE-2023-3545

Description

Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of .htaccess file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Chamilo/Chamilo Lmsllm-fuzzy2 versions
    <=1.11.20+ 1 more
    • (no CPE)range: <=1.11.20
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.