CVE-2023-34944

Опубликовано: 13 июн. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.

Ссылки

http://chamilo.com
Product
https://github.com/chamilo/chamilo-lms/commit/0d0c88c4806280ac9b70a299d6e3099269c9bc54
Patch
https://github.com/chamilo/chamilo-lms/commit/f6e83550c2d17fc93a65ec4be602a78312289f37
Patch
https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-113-2023-05-31-Low-impact-Low-risk-XSS-through-SVG
Vendor Advisory
http://chamilo.com
Product
https://github.com/chamilo/chamilo-lms/commit/0d0c88c4806280ac9b70a299d6e3099269c9bc54
Patch
https://github.com/chamilo/chamilo-lms/commit/f6e83550c2d17fc93a65ec4be602a78312289f37
Patch
https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-113-2023-05-31-Low-impact-Low-risk-XSS-through-SVG
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*

Версия от 1.11.0 (включая) до 1.11.18 (включая)

EPSS

Процентиль: 65%

0.00489

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-pqf3-p992-q8gr