SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Chamilo LMS Arbitrary File Creation

Category: WEB-ATTACKS      

A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames. A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.


Relevant Information