Exploit for Chamilo LMS <= 1.11.24 - Remote Code Execution (CVE-2023-4220)

Description:

An unrestricted file upload in the big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution by uploading a web shell.

Nuclei Template

View the template here: CVE-2023-4220.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-4220.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-4220
https://github.com/Ziad-Sakr/Chamilo-LMS-CVE-2023-4220-Exploit
https://starlabs.sg/advisories/23/23-4220/
https://github.com/charlesgargasson/CVE-2023-4220