Lucene search

PRIOn knowledge basePRION:CVE-2022-40407

HistorySep 29, 2022 - 2:15 p.m.

Unrestricted file upload

2022-09-2914:15:00

PRIOn knowledge base

www.prio-n.com

zip slip

vulnerability

file upload

chamilo v1.11

arbitrary code

crafted zip file

nvd

8.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.9%

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.

CPENameOperatorVersion
chamiloeq1.11

CPE	Name	Operator	Version
	chamilo	eq	1.11

References

github.com/alexmackey/security-research/blob/main/chamilo/ChamiloRceViaZipSlip.md

github.com/chamilo/chamilo-lms

support.chamilo.org/projects/chamilo-18/wiki/Security_issues