1454 matches found

0day.today
added 2019/09/26 12:0 a.m., 32 views

Chamilo LMS 1.11.8 Shell Upload Exploit

Exploit for php platform in category web applications PHP Test FILE UPLOAD'; $tgtdir = "uploads/"; $tgtfile = $tgtdir.basename$FILES'fileToUpload''name'; echo "TARGET FILE= ".$tgtfile; //$filename = $FILES'fileToUpload''name'; echo "FILE NAME FROM VARIABLE:- ".$FILES"fileToUpload""name...

7.1 AI score
Exploits 0

Packet Storm
added 2019/09/25 12:0 a.m., 623 views

Chamilo LMS 1.11.8 Shell Upload

PHP Test FILE UPLOAD'; $tgtdir = "uploads/"; $tgtfile = $tgtdir.basename$FILES'fileToUpload''name'; echo "TARGET FILE= ".$tgtfile; //$filename = $FILES'fileToUpload''name'; echo "FILE NAME FROM VARIABLE:- ".$FILES"fileToUpload""name"; if...

7.4 AI score
Exploits 0

CNVD
added 2019/07/02 12:0 a.m., 3 views

Chamilo LMS Code Execution Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.8 and version 2.x,...

9.8 CVSS, 7 AI score, 0.04018 EPSS
Exploits 1, References 1

NVD
added 2019/06/30 4:15 p.m., 12 views

CVE-2019-13082

Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder a...

9.8 CVSS, 10 AI score, 0.04018 EPSS
Exploits 1, References 2

OSV
added 2019/06/30 4:15 p.m., 17 views

CVE-2019-13082

Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder a...

9.8 CVSS, 8.2 AI score
Exploits 0, References 2

Prion
added 2019/06/30 4:15 p.m., 13 views

Remote code execution

Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder a...

7.5 CVSS, 9.9 AI score, 0.04018 EPSS
Exploits 1, References 2, Affected Software 1

ATTACKERKB
added 2019/06/30 4:15 p.m., 2 views

CVE-2019-13082

Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder a...

9.8 CVSS, 6.6 AI score, 0.04018 EPSS
Exploits 1, References 4

Cvelist
added 2019/06/30 3:7 p.m., 14 views

CVE-2019-13082

Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder a...

10 AI score, 0.04018 EPSS
Exploits 1, References 2

CVE
added 2019/06/30 3:7 p.m., 79 views

CVE-2019-13082

Chamilo LMS 1.11.8 and 2.x are affected by a remote code execution vulnerability in an unauthenticated ZIP upload path (lp_upload.php). The causes: archives are extracted before content checking, and after extraction there is no recursive verification of files, allowing a crafted ZIP that contain...

9.8 CVSS, 9.9 AI score, 0.04018 EPSS
Exploits 1, References 2, Affected Software 1

OSV
added 2019/02/04 9:29 p.m., 15 views

CVE-2019-1000017

Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user being able to read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=ticket...

6.5 CVSS, 6.7 AI score
Exploits 0, References 2

NVD
added 2019/02/04 9:29 p.m., 15 views

CVE-2019-1000017

Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user being able to read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=ticket...

6.5 CVSS, 6.5 AI score, 0.00962 EPSS
Exploits 0, References 2

NVD
added 2019/02/04 9:29 p.m., 11 views

CVE-2019-1000015

Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS t...

6.1 CVSS, 5.9 AI score, 0.00802 EPSS
Exploits 0, References 1

OSV
added 2019/02/04 9:29 p.m., 14 views

CVE-2019-1000015

Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS t...

6.1 CVSS, 5.3 AI score
Exploits 0, References 1

Prion
added 2019/02/04 9:29 p.m., 15 views

Improper access control

Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user being able to read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=ticket...

4 CVSS, 6.4 AI score, 0.00962 EPSS
Exploits 0, References 2, Affected Software 1

Prion
added 2019/02/04 9:29 p.m., 14 views

Cross site scripting

Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS t...

4.3 CVSS, 5.8 AI score, 0.00802 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2019/02/04 9:0 p.m., 17 views

CVE-2019-1000015

Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS t...

5.9 AI score, 0.00802 EPSS
Exploits 0, References 1

Cvelist
added 2019/02/04 9:0 p.m., 17 views

CVE-2019-1000017

Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user being able to read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=ticket...

6.5 AI score, 0.00962 EPSS
Exploits 0, References 2

CVE
added 2019/02/04 9:0 p.m., 49 views

CVE-2019-1000017

Chamilo LMS (Chamilo-lms) versions 1.11.8 and earlier are affected by an Incorrect Access Control vulnerability in the Tickets component. An authenticated user can read all tickets on the platform due to missing access restrictions, exploitable via the ticket_id parameter. The issue has been fixe...

6.5 CVSS, 6.4 AI score, 0.00962 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2019/02/04 9:0 p.m., 53 views

CVE-2019-1000015

Chamilo LMS (version 1.11.8 and earlier) contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, and main/ticket/ticket_details.php. The issue can cause a message to be sent to the Administrator with an X...

6.1 CVSS, 5.8 AI score, 0.00802 EPSS
Exploits 0, References 1, Affected Software 1

CNVD
added 2018/12/24 12:0 a.m., 2 views

Chamilo LMS cross-site scripting vulnerability (CNVD-2018-26467)

Chamilo LMS is an open source online learning and collaboration system developed by the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. A cross-site scripting vulnerability exists in the...

5.4 CVSS, 6.2 AI score, 0.00665 EPSS
Exploits 0, References 1