Chamilo LMS 1.11.8 Shell Upload Exploit
Exploit for php platform in category web applications. PHP Test FILE UPLOAD'; $tgtdir = "uploads/"; $tgtfile = $tgtdir.basename($_FILES['fileToUpload']['name']); echo "TARGET FILE= ".$tgtfile; //$filename = $_FILES['fileToUpload']['name']; echo "FILE NAME FROM VARIABLE:- ".$_FILES["fileToUpload"]["name...
Chamilo LMS 1.11.8 Shell Upload
PHP Test FILE UPLOAD'; $tgtdir = "uploads/"; $tgtfile = $tgtdir.basename($_FILES['fileToUpload']['name']); echo "TARGET FILE= ".$tgtfile; //$filename = $_FILES['fileToUpload']['name']; echo "FILE NAME FROM VARIABLE:- ".$_FILES["fileToUpload"]["name"]; if...
Chamilo LMS Code Execution Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.8 and version 2.x,...
CVE-2019-13082
Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder a...
Remote code execution
Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder a...
CVE-2019-13082
Chamilo LMS 1.11.8 and 2.x are affected by a remote code execution vulnerability in an unauthenticated ZIP upload path (lp_upload.php). The causes: archives are extracted before content checking, and after extraction there is no recursive verification of files, allowing a crafted ZIP that contain...
CVE-2019-1000017
Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in the Tickets component that can result in an authenticated user being able to read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=ticket...
CVE-2019-1000015
Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS t...
Improper access control
Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in the Tickets component that can result in an authenticated user being able to read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=ticket...
Cross site scripting
Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS t...
CVE-2019-1000017
Chamilo LMS (Chamilo-lms) versions 1.11.8 and earlier are affected by an Incorrect Access Control vulnerability in the Tickets component. An authenticated user can read all tickets on the platform due to missing access restrictions, exploitable via the ticket_id parameter. The issue has been fixe...
CVE-2019-1000015
Chamilo LMS (version 1.11.8 and earlier) contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, and main/ticket/ticket_details.php. The issue can cause a message to be sent to the Administrator with an X...
Chamilo LMS cross-site scripting vulnerability (CNVD-2018-26467)
Chamilo LMS is an open source online learning and collaboration system developed by the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. A cross-site scripting vulnerability exists in the...