2 matches found
CVE-2019-13082
Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lpupload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder a...
CVE-2019-13082
Chamilo LMS 1.11.8 and 2.x are affected by a remote code execution vulnerability in an unauthenticated ZIP upload path (lp_upload.php). The CAUSES: archives are extracted before content checking, and after extraction there is no recursive verification of files, allowing a crafted ZIP that contain...