Chamilo v1.11.24 Unrestricted File Upload PHP Webshell #19631

Open
jheysel-r7 opened this issue Nov 12, 2024 · 0 comments · May be fixed by #19629
Labels
suggestion-module New module suggestions


@jheysel-r7
Contributor

Summary

In versions prior to <= v1.11.24, a webshell can be uploaded via the bigload.php endpoint. If the GET request parameter action is set to post-unsupported, file extension checks are skipped, allowing attacker-controlled .php files to be uploaded.

Basic example

https://github.com/H4cking4All/CVE-2023-4220/tree/main

@jheysel-r7 jheysel-r7 added the suggestion-module New module suggestions label Nov 12, 2024
@jheysel-r7 jheysel-r7 self-assigned this Nov 12, 2024
@jheysel-r7 jheysel-r7 moved this to Done in Metasploit Kanban Nov 12, 2024
@jheysel-r7 jheysel-r7 moved this from Done to In Progress in Metasploit Kanban Nov 12, 2024
@jheysel-r7 jheysel-r7 moved this from In Progress to Todo in Metasploit Kanban Nov 21, 2024
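
One way to hunt for the request pattern described in the summary, added here as an example (not code from the issue, Metasploit or Chamilo): it scans web access logs for requests that reach the endpoint with the `action` query parameter set to `post-unsupported`. The combined log format, the sample lines and the function name `find_bypass_requests` are assumptions; the endpoint file name is used as the issue spells it.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "bigload.php"            # file name as spelled in the issue; adjust per deployment
BYPASS_ACTION = "post-unsupported"  # action value the issue says skips the extension checks

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges and made-up paths), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Nov/2024:10:00:01 +0000] "POST /app/bigload.php?action=post-unsupported HTTP/1.1" 200 45 "-" "curl/8.0"',
    '198.51.100.7 - - [12/Nov/2024:10:00:09 +0000] "POST /app/bigload.php?action=something-else HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Nov/2024:10:00:15 +0000] "POST /app/bigload%2Ephp?x=1&action=post%2Dunsupported HTTP/1.1" 201 45 "-" "curl/8.0"',
    '192.0.2.44 - - [12/Nov/2024:10:01:00 +0000] "GET /index.php?action=post-unsupported HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    'this line is not an access-log entry',
]

def find_bypass_requests(lines, endpoint=ENDPOINT, action=BYPASS_ACTION):
    """Return parsed entries that reach `endpoint` with the query parameter action == `action`."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # unparseable line: skip rather than guess
        url = urlsplit(m["target"])
        # Decode the path so /bigload%2Ephp is treated like /bigload.php, and match a
        # whole path segment so trailing PATH_INFO does not hide the script name.
        segments = unquote(url.path).lower().split("/")
        if endpoint.lower() not in segments:
            continue
        # parse_qs percent-decodes values; a repeated parameter yields several values.
        values = parse_qs(url.query, keep_blank_values=True).get("action", [])
        if action in values:
            hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "target": m["target"], "status": int(m["status"])})
    return hits

if __name__ == "__main__":
    for hit in find_bypass_requests(SAMPLE_LOG):
        print(hit)
```

A hit with a 2xx status is a reason to review the application's upload location for unexpected .php files.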