What is CVE-2023-4221 vulnerability?

CVE-2023-4221 vulnerability is a command injection vulnerability in Chamilo LMS that allows users with upload permissions to execute remote code.

What is the severity of CVE-2023-4221?

The severity of CVE-2023-4221 is rated as high with a severity score of 8.8.

How does CVE-2023-4221 impact Chamilo LMS?

CVE-2023-4221 allows authenticated users to gain unauthenticated remote code execution, posing a critical impact and moderate risk to Chamilo LMS.

How can CVE-2023-4221 be exploited?

CVE-2023-4221 can be exploited by uploading a specially crafted Learning Path that contains a command injection payload.

Is there a fix available for CVE-2023-4221?

Yes, a fix for CVE-2023-4221 is available. It is recommended to update Chamilo LMS to a version that is not affected by the vulnerability.

Vulnerability/
CVE-2023-4221

high

8.8

CWE

78 77

28/11/2023

2/8/2024

CVE-2023-4221: Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability

First published: Tue Nov 28 2023(Updated: )

Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.

Credit: info@starlabs.sg

Affected Software	Affected Version	How to fix
Chamilo Chamilo Lms	<=1.11.24

Remedy

https://github.com/chamilo/chamilo-lms/commit/841a07396fed0ef27c5db13a1b700eac02754fc7

Remedy

https://github.com/chamilo/chamilo-lms/commit/ed72914608d2a07ee2eb587c1a654480d08201db

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-4221 vulnerability?
CVE-2023-4221 vulnerability is a command injection vulnerability in Chamilo LMS that allows users with upload permissions to execute remote code.
What is the severity of CVE-2023-4221?
The severity of CVE-2023-4221 is rated as high with a severity score of 8.8.
How does CVE-2023-4221 impact Chamilo LMS?
CVE-2023-4221 allows authenticated users to gain unauthenticated remote code execution, posing a critical impact and moderate risk to Chamilo LMS.
How can CVE-2023-4221 be exploited?
CVE-2023-4221 can be exploited by uploading a specially crafted Learning Path that contains a command injection payload.
Is there a fix available for CVE-2023-4221?
Yes, a fix for CVE-2023-4221 is available. It is recommended to update Chamilo LMS to a version that is not affected by the vulnerability.

collector/nvd-api
agent/weakness
agent/title
agent/author
agent/type
agent/event
agent/references
agent/severity
agent/description
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/chamilo
canonical/chamilo chamilo lms
version/chamilo chamilo lms/1.11.24

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.