PT-2023-25218 · Unknown · Chamilo Lms

Name of the Vulnerable Software and Affected Versions: Chamilo LMS versions prior to 1.11.20 Description: The issue is related to improper sanitisation in the main/inc/lib/fileUpload.lib.php file, which allows unauthenticated attackers to bypass file upload security protections. This can lead to...

DRUPAL-CORE-2022-014

Updated 2022-07-20 19:45 UTC to indicate that this only affects Apache web servers. Drupal core sanitizes filenames with dangerous extensions upon upload reference: SA-CORE-2020-012 and strips leading and trailing dots from filenames to prevent uploading server configuration files reference:...