I. Basic Information for CVE-2023-4220
Vulnerability Information


Vulnerability Title
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
Source: NVD (National Vulnerability Database)
Vulnerability Description
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Unrestricted Upload of File with Dangerous Type
Source: NVD (National Vulnerability Database)
Vulnerability Title
Chamilo LMS Security Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
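Chamilo LMS is an open-source online learning and collaboration system from the Chamilo Association. The system supports creating teaching content, remote training, online quizzes, and more. Chamilo LMS v1.11.24 and earlier contain a security vulnerability that stems from unrestricted file upload in the big file upload functionality of the "/main/inc/lib/javascript/bigupload/inc/bigUpload.php" page.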
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| Chamilo | Chamilo | 0 ~ 1.11.24 | - |
II. Public POCs for CVE-2023-4220
| # | POC Description | Source Link |
|---|---|---|
| 1 | This is a script written in Python that allows the exploitation of the Chamilo's LMS software security flaw described in CVE-2023-4220 | https://github.com/m3m0o/chamilo-lms-unauthenticated-big-upload-rce-poc |
| 2 | Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell. | https://github.com/dollarboysushil/Chamilo-LMS-Unauthenticated-File-Upload-CVE-2023-4220 |
| 3 | https://starlabs.sg/advisories/23/23-4220/ | https://github.com/charlesgargasson/CVE-2023-4220 |
| 4 | CVE-2023-4220 POC RCE | https://github.com/insomnia-jacob/CVE-2023-4220- |
| 5 | This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location "/main/inc/lib/javascript/bigupload/inc/bigUpload.php" in Chamilo LMS <= v1.11.24, and Attackers can obtain remote code execution via uploading of web shell. | https://github.com/Ziad-Sakr/Chamilo-LMS-CVE-2023-4220-Exploit |
| 6 | This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location "/main/inc/lib/javascript/bigupload/inc/bigUpload.php" in Chamilo LMS <= v1.11.24, and Attackers can obtain remote code execution via uploading of web shell. | https://github.com/Ziad-Sakr/Chamilo-CVE-2023-4220-Exploit |
| 7 | PoC for CVE-2023-4220 - Chamilo LMS - Unauthenticated File Upload in BigUpload | https://github.com/HO4XXX/cve-2023-4220-poc |
| 8 | Proof of concept exploit for CVE-2023-4220 | https://github.com/B1TC0R3/CVE-2023-4220-PoC |
| 9 | CVE-2023–4220 Exploit | https://github.com/nr4x4/CVE-2023-4220 |
| 10 | LMS Chamilo 1.11.24 CVE-2023-4220 Exploit | https://github.com/Al3xGD/CVE-2023-4220-Exploit |
| 11 | CVE-2023-4220 POC RCE | https://github.com/insomnia-jacob/CVE-2023-4220 |
| 12 | This is a script written in Python that allows the exploitation of the Chamilo's LMS software security flaw described in CVE-2023-4220 | https://github.com/charchit-subedi/chamilo-lms-unauthenticated-rce-poc |
| 13 | Chamilo LMS Unauthenticated Big Upload File that allows remote code execution | https://github.com/LGenAgul/CVE-2023-4220-Proof-of-concept |
| 14 | None | https://github.com/VanishedPeople/CVE-2023-4220 |
| 15 | Python exploit for Chamilo Unrestricted File Upload Vuln - CVE-2023-4220 | https://github.com/thefizzyfish/CVE-2023-4220 |
| 16 | CVE-2023-4220 Chamilo Exploit | https://github.com/qrxnz/CVE-2023-4220 |
| 17 | (CVE-2023-4220) Chamilo LMS Unauthenticated Big Upload File Remote Code Execution | https://github.com/0x00-null/-Chamilo-CVE-2023-4220-RCE-Exploit |
| 18 | (CVE-2023-4220) Chamilo LMS Unauthenticated Big Upload File Remote Code Execution | https://github.com/0x00-null/Chamilo-CVE-2023-4220-RCE-Exploit |
| 19 | None | https://github.com/bueno-armando/CVE-2023-4220-RCE |
| 20 | Refurbish Chamilo LMS CVE-2023-4220 exploit written in bash | https://github.com/TanveerS1ngh/Chamilo-LMS-CVE-2023-4220-Exploit |
| 21 | CVE-2023-4220 Chamilo Exploit | https://github.com/H4cking4All/CVE-2023-4220 |
| 22 | Python exploit for Chamilo Unrestricted File Upload Vuln - CVE-2023-4220 | https://github.com/thefizzyfish/CVE-2023-4220_Chamilo_RCE |
| 23 | None | https://github.com/oxapavan/CVE-2023-4220-HTB-PermX |
| 24 | Refurbish Chamilo LMS CVE-2023-4220 exploit written in bash | https://github.com/0xDTC/Chamilo-LMS-CVE-2023-4220-Exploit |
| 25 | https://nvd.nist.gov/vuln/detail/CVE-2023-4220 | https://github.com/numaan911098/CVE-2023-4220 |
| 26 | Remote command execution exploit made for redteamers. | https://github.com/MikeyPPPPPPPP/CVE-2023-4220 |
| 27 | Unrestricted file upload in the big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS versions <= 1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution by uploading a web shell. | https://github.com/Pr1or95/CVE-2023-4220-exploit |
| 28 | Exploit for CVE-2023-4220 | https://github.com/zora-beep/CVE-2023-4220 |
| 29 | Chamilo LMS Unauthenticated Remote Code Execution | https://github.com/N1ghtfallXxX/CVE-2023-4220 |
| 30 | CVE-2023-4220 POC RCE | https://github.com/gmh5225/CVE-2023-4220 |
| 31 | Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-4220.yaml |
| 32 | This is a script written in Python that allows the exploitation of the Chamilo's LMS software security flaw described in CVE-2023-4220 | https://github.com/Rai2en/CVE-2023-4220-Chamilo-LMS |
| 33 | Unauthenticated file upload for Chamilo 1.11.24 and lower | https://github.com/Least-Significant-Bit/CVE-2023-4220 |
| 34 | None | https://github.com/Sn0wBaall/CVE-2023-4220-PoC |