# Chamilo LMS 未经认证的大文件上传远程代码执行漏洞
## 概述
Chamilo LMS中`/main/inc/lib/javascript/bigupload/inc/bigUpload.php`的大型文件上传功能存在不受限制的文件上传漏洞,允许未认证的攻击者执行存储型跨站脚本攻击并获取远程代码执行权限。
## 影响版本
Chamilo LMS <= v1.11.24
## 细节
攻击者可以通过上传包含恶意代码的Web shell来利用此漏洞。该漏洞存在于大型文件上传功能中,未对上传的文件进行适当的检查和限制。
## 影响
未认证的攻击者可以利用此漏洞执行存储型跨站脚本攻击和获取远程代码执行权限,从而控制服务器并执行任意命令。
是否为 Web 类漏洞: 是
判断理由:
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | This is a script written in Python that allows the exploitation of the Chamilo's LMS software security flaw described in CVE-2023-4220 | https://github.com/m3m0o/chamilo-lms-unauthenticated-big-upload-rce-poc | POC详情 |
| 2 | Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell. | https://github.com/dollarboysushil/Chamilo-LMS-Unauthenticated-File-Upload-CVE-2023-4220 | POC详情 |
| 3 | https://starlabs.sg/advisories/23/23-4220/ | https://github.com/charlesgargasson/CVE-2023-4220 | POC详情 |
| 4 | CVE-2023-4220 POC RCE | https://github.com/insomnia-jacob/CVE-2023-4220- | POC详情 |
| 5 | This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location "/main/inc/lib/javascript/bigupload/inc/bigUpload.php" in Chamilo LMS <= v1.11.24, and Attackers can obtain remote code execution via uploading of web shell. | https://github.com/Ziad-Sakr/Chamilo-LMS-CVE-2023-4220-Exploit | POC详情 |
| 6 | This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location "/main/inc/lib/javascript/bigupload/inc/bigUpload.php" in Chamilo LMS <= v1.11.24, and Attackers can obtain remote code execution via uploading of web shell. | https://github.com/Ziad-Sakr/Chamilo-CVE-2023-4220-Exploit | POC详情 |
| 7 | PoC for CVE-2023-4220 - Chamilo LMS - Unauthenticated File Upload in BigUpload | https://github.com/HO4XXX/cve-2023-4220-poc | POC详情 |
| 8 | Proof of concept exploit for CVE-2023-4220 | https://github.com/B1TC0R3/CVE-2023-4220-PoC | POC详情 |
| 9 | CVE-2023–4220 Exploit | https://github.com/nr4x4/CVE-2023-4220 | POC详情 |
| 10 | LMS Chamilo 1.11.24 CVE-2023-4220 Exploit | https://github.com/Al3xGD/CVE-2023-4220-Exploit | POC详情 |
| 11 | CVE-2023-4220 POC RCE | https://github.com/insomnia-jacob/CVE-2023-4220 | POC详情 |
| 12 | This is a script written in Python that allows the exploitation of the Chamilo's LMS software security flaw described in CVE-2023-4220 | https://github.com/charchit-subedi/chamilo-lms-unauthenticated-rce-poc | POC详情 |
| 13 | Chamilo LMS Unauthenticated Big Upload File that allows remote code execution | https://github.com/LGenAgul/CVE-2023-4220-Proof-of-concept | POC详情 |
| 14 | None | https://github.com/VanishedPeople/CVE-2023-4220 | POC详情 |
| 15 | Python exploit for Chamilo Unrestricted File Upload Vuln - CVE-2023-4220 | https://github.com/thefizzyfish/CVE-2023-4220 | POC详情 |
| 16 | CVE-2023-4220 Chamilo Exploit | https://github.com/qrxnz/CVE-2023-4220 | POC详情 |
| 17 | (CVE-2023-4220) Chamilo LMS Unauthenticated Big Upload File Remote Code Execution | https://github.com/0x00-null/-Chamilo-CVE-2023-4220-RCE-Exploit | POC详情 |
| 18 | (CVE-2023-4220) Chamilo LMS Unauthenticated Big Upload File Remote Code Execution | https://github.com/0x00-null/Chamilo-CVE-2023-4220-RCE-Exploit | POC详情 |
| 19 | None | https://github.com/bueno-armando/CVE-2023-4220-RCE | POC详情 |
| 20 | Refurbish Chamilo LMS CVE-2023-4220 exploit written in bash | https://github.com/TanveerS1ngh/Chamilo-LMS-CVE-2023-4220-Exploit | POC详情 |
| 21 | CVE-2023-4220 Chamilo Exploit | https://github.com/H4cking4All/CVE-2023-4220 | POC详情 |
| 22 | Python exploit for Chamilo Unrestricted File Upload Vuln - CVE-2023-4220 | https://github.com/thefizzyfish/CVE-2023-4220_Chamilo_RCE | POC详情 |
| 23 | None | https://github.com/oxapavan/CVE-2023-4220-HTB-PermX | POC详情 |
| 24 | Refurbish Chamilo LMS CVE-2023-4220 exploit written in bash | https://github.com/0xDTC/Chamilo-LMS-CVE-2023-4220-Exploit | POC详情 |
| 25 | https://nvd.nist.gov/vuln/detail/CVE-2023-4220 | https://github.com/numaan911098/CVE-2023-4220 | POC详情 |
| 26 | Remote command execution exploit made for redteamers. | https://github.com/MikeyPPPPPPPP/CVE-2023-4220 | POC详情 |
| 27 | Carga de archivos sin restricciones en la funcionalidad de carga de archivos grandes en `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` en Chamilo LMS en versiones <= 1.11.24 permite a atacantes no autenticados realizar ataques de Cross Site Scripting almacenados y obtener código remoto ejecución mediante la carga de web shell. | https://github.com/Pr1or95/CVE-2023-4220-exploit | POC详情 |
| 28 | Exploit for CVE-2023-4220 | https://github.com/zora-beep/CVE-2023-4220 | POC详情 |
| 29 | Chamilo LMS Unauthenticated Remote Code Execution | https://github.com/N1ghtfallXxX/CVE-2023-4220 | POC详情 |
| 30 | CVE-2023-4220 POC RCE | https://github.com/gmh5225/CVE-2023-4220 | POC详情 |
| 31 | Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-4220.yaml | POC详情 |
| 32 | This is a script written in Python that allows the exploitation of the Chamilo's LMS software security flaw described in CVE-2023-4220 | https://github.com/Rai2en/CVE-2023-4220-Chamilo-LMS | POC详情 |
| 33 | Unauthenticated file upload for Chamilo 1.11.24 and lower | https://github.com/Least-Significant-Bit/CVE-2023-4220 | POC详情 |
暂无评论