Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php file in a folder and then this folder in a ZIP archive, the server will accept this file without any checks. Because one can access this file from the website, it is remote code execution. This is related to a scorm imsmanifest.xml file, the import_package function, and extraction in $courseSysDir.$newDir.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Chamilo LMS 代码问题漏洞
Vulnerability Description
Chamilo LMS是Chamilo协会的一套开源的在线学习和协作系统。该系统支持创建教学内容、远程培训和在线答题等。 Chamilo LMS 1.11.8版本和2.x版本中存在安全漏洞,该漏洞源于程序没有检查ZIP归档文件内容便直接提取了ZIP归档文件。攻击者可利用该漏洞执行代码。
CVSS Information
N/A
Vulnerability Type
N/A