How does CVE-2023-3545 affect Chamilo LMS?

CVE-2023-3545 affects Chamilo LMS version 1.11.20 on Windows and Apache installations.

What is the severity of CVE-2023-3545?

CVE-2023-3545 has a severity rating of critical with a CVSS score of 9.8.

How can an attacker exploit CVE-2023-3545?

An attacker can exploit CVE-2023-3545 by uploading a .htaccess file to bypass file upload security protections and execute remote code.

Is there a fix available for CVE-2023-3545?

Yes, a fix for CVE-2023-3545 is available. It is recommended to update to a version of Chamilo LMS that is not affected by this vulnerability.

Vulnerability/
CVE-2023-3545

critical

9.8

CWE

178

28/11/2023

2/8/2024

CVE-2023-3545: Chamilo LMS Htaccess File Upload Security Bypass

Q: What is CVE-2023-3545?

CVE-2023-3545 refers to a vulnerability in Chamilo LMS that allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of .htaccess file.

First published: Tue Nov 28 2023(Updated: )

Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution.

Credit: info@starlabs.sg

Affected Software	Affected Version	How to fix
Chamilo Chamilo	<=1.11.20

Remedy

https://github.com/chamilo/chamilo-lms/commit/dc7bfce429fbd843a95a57c184b6992c4d709549

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-3545?
CVE-2023-3545 refers to a vulnerability in Chamilo LMS that allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of .htaccess file.
How does CVE-2023-3545 affect Chamilo LMS?
CVE-2023-3545 affects Chamilo LMS version 1.11.20 on Windows and Apache installations.
What is the severity of CVE-2023-3545?
CVE-2023-3545 has a severity rating of critical with a CVSS score of 9.8.
How can an attacker exploit CVE-2023-3545?
An attacker can exploit CVE-2023-3545 by uploading a .htaccess file to bypass file upload security protections and execute remote code.
Is there a fix available for CVE-2023-3545?
Yes, a fix for CVE-2023-3545 is available. It is recommended to update to a version of Chamilo LMS that is not affected by this vulnerability.

collector/nvd-api
agent/event
agent/type
agent/title
agent/severity
agent/weakness
agent/references
agent/author
agent/description
agent/last-modified-date
agent/remedy
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/chamilo
canonical/chamilo chamilo
version/chamilo chamilo/1.11.20

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.