CVE-2023-4220 PoC — Chamilo LMS 安全漏洞

Source

Associated Vulnerability

Description

Chamilo LMS Unauthenticated Remote Code Execution

Readme

# Chamilo LMS Unauthenticated Remote Code Execution Exploit (CVE-2023-4220)

## Overview

This repository contains a Bash script that exploits an unauthenticated remote code execution (RCE) vulnerability in Chamilo LMS via arbitrary file write. The vulnerability is identified as CVE-2023-4220. This exploit allows an attacker to execute arbitrary commands on the target server by uploading a malicious PHP file.

## Prerequisites

- A vulnerable Chamilo LMS instance.
- A listener to catch the reverse shell (e.g., using Netcat).

## Exploit Details

- **Vulnerability**: CVE-2023-4220
- **Source**: [StarLabs Advisory](https://starlabs.sg/advisories/23/23-4220/)

## Usage

1. **Clone the repository**:
   ```bash
   git clone https://github.com/N1ghtfallXxX/CVE-2023-4220
   cd CVE-2023-3533
   chmod +x exploit.sh
   ./exploit.sh
   
# Disclaimer
This script is intended for educational purposes only. Unauthorized use of this script on systems without permission is illegal and unethical. Use responsibly and only on systems for which you have explicit permission.

File Snapshot

 [4.0K]  /data/pocs/4eb9d1bc4be550ebe9a9dd5ec6f0f8ddee8f985e
├── [4.3K]  chamilo-rce.py
├── [ 907]  exploit.sh
└── [1.0K]  README.md

0 directories, 3 files

Remarks