Chamilo LMS Affected by Authenticated Arbitrary File Write via BigUpload endpoint

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While .php extensions are filtered to .phps, the .pht extension passes through unmodified. On Apache configurations where .pht is handled as PHP, this leads to Remote Code Execution. This vulnerability is fixed in 1.11.38.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

危险类型文件的不加限制上传

Chamilo LMS 代码问题漏洞

Chamilo LMS是Chamilo开源的一套开源的在线学习和协作系统。该系统支持创建教学内容、远程培训和在线答题等。 Chamilo LMS 1.11.38之前版本存在代码问题漏洞，该漏洞源于BigUpload端点允许任何经过身份验证的用户向服务器文件写入任意内容，可能导致远程代码执行。

N/A

N/A