CVE-2023-4223

Published: 2023-11-28T08:15Z

Last Modified: 2024-11-21T08:34Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt