漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Chamilo LMS Affected by Remote Code Execution via eval() in Platform Settings
Vulnerability Description
Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method uses PHP's eval() to parse platform settings from the database. An attacker with admin access (obtainable via Advisory 1) can inject arbitrary PHP code into the settings, which is then executed when any user (including unauthenticated) requests /platform-config/list. This vulnerability is fixed in 2.0.0-RC.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
Chamilo LMS 安全漏洞
Vulnerability Description
Chamilo LMS是Chamilo开源的一套开源的在线学习和协作系统。该系统支持创建教学内容、远程培训和在线答题等。 Chamilo LMS 2.0.0-RC.3之前版本存在安全漏洞,该漏洞源于PlatformConfigurationController::decodeSettingArray方法使用eval解析数据库设置,可能导致具有管理员访问权限的攻击者注入任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A