krishnan-tech

2 exploits Active since Nov 2023
CVE-2023-4226 NOMISEC HIGH WORKING POC
Chamilo LMS <= 1.11.24 - Authenticated Remote Code Execution via PHP File Upload
Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
1 stars
CVSS 8.8
CVE-2023-4220 VULNCHECK_XDB HIGH WORKING POC
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
CVSS 8.1