CVE-2023-3545

2023-11-2807:15:42

CWE-178

[email protected]

web.nvd.nist.gov

cve-2023-3545

chamilo lms

file upload

remote code execution

unauthenticated attackers

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.1%

JSON

Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of .htaccess file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution.

Affected configurations

NVD

Node

chamilochamiloRange≤1.11.20

CPENameOperatorVersion
chamilo:chamilochamilole1.11.20

CPE	Name	Operator	Version
chamilo:chamilo	chamilo	le	1.11.20

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Chamilo",
    "repo": "https://github.com/chamilo/chamilo-lms/",
    "vendor": "Chamilo",
    "versions": [
      {
        "lessThanOrEqual": "1.11.20",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

github.com/chamilo/chamilo-lms/commit/dc7bfce429fbd843a95a57c184b6992c4d709549

starlabs.sg/advisories/23/23-3545/

support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-125-2023-07-13-Critical-impact-Moderate-risk-Htaccess-File-Upload-Security-Bypass-on-Windows-CVE-2023-3545