6 matches found
CVE-2021-31933
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames e.g., .phar or .pht. A remote authenticated administrator is able to upload a file containin...
Chamilo LMS 1.11.14 Remote Code Execution
Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution Authenticated Date: 13/05/2021 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms Version: 1.11.14 Tested on: Ubuntu 20.04.2 LTS CVE: CVE-2021-31933 Writeup:...
Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)
Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution Authenticated Date: 13/05/2021 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms Version: 1.11.14 Tested on: Ubuntu 20.04.2 LTS CVE: CVE-2021-31933 Writeup:...
CVE-2021-31933
creationtimestamp| type| source ---|---|--- 2021-05-14 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/49867 2021-05-15 00:46:44+00:00| seen| https://t.me/pwnwikizhchannel/425...
CVE-2021-31933
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames e.g., .phar or .pht. A remote authenticated administrator is able to upload a file containin...
CVE-2021-31933
Chamilo LMS up to version 1.11.14 is affected by CVE-2021-31933 due to improper input sanitization for a file-upload parameter and inadequate file-extension filtering (e.g., .phar/.pht). This allows a remote authenticated administrator to upload a file containing PHP code via main/inc/lib/fileUpl...