漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload
Vulnerability Description
Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not adequately validate file extensions or enforce safe server-side storage restrictions. As a result, an authenticated low-privileged user can upload a crafted file containing executable code and subsequently execute arbitrary commands on the server. This issue has been patched in version 1.11.34.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Chamilo 代码问题漏洞
Vulnerability Description
Chamilo是Chamilo开源的一个学习管理系统。 Chamilo 1.11.34之前版本存在代码问题漏洞,该漏洞源于对上传文件验证不当,可能导致经过身份验证的低权限用户上传包含可执行代码的特制文件并在服务器上执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A