CVE-2018-25158
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute arbitrary code by accessing the uploaded files.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Chamilo | Chamillo LMS | Chamilo 1.11.8 or lower to 1.8 | affected |
Weaknesses
- CWE-434: Unrestricted Upload of File with Dangerous Type
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://www.exploit-db.com/exploits/47423
- https://github.com/chamilo/chamilo-lms
- https://www.vulncheck.com/advisories/chamilo-lms-arbitrary-file-upload-via-elfinder
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.