Lucene search
HistoryNov 28, 2023 - 7:15 a.m.
CVE-2023-3533
cve-2023-3533
path traversal
file upload
chamilo lms
unauthenticated attack
stored xss
remote code execution
arbitrary file write
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.004
Percentile
71.9%
Path traversal in file upload functionality in /main/webservices/additional_webservices.php in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write.
Affected configurations
Node
chamilochamiloRange≤1.11.20
Related
cvelist
cvelist
CVE-2023-3533 Chamilo LMS Unauthenticated Remote Code Execution via Arbitrary File Write
2023-11-28 07:06:43
CVE-2023-3545 Chamilo LMS Htaccess File Upload Security Bypass
2023-11-28 07:07:27
cve
cve
CVE-2023-3533
2023-11-28 07:15:42
CVE-2023-3545
2023-11-28 07:15:42
prion
prion
Path traversal
2023-11-28 07:15:00
Design/Logic Flaw
2023-11-28 07:15:00
osv
osv
CVE-2023-3533
2023-11-28 07:15:42
CVE-2023-3545
2023-11-28 07:15:42
nvd
nvd
CVE-2023-3545
2023-11-28 07:15:42
openvas
openvas
Chamilo LMS 1.11.x < 1.11.22 Multiple Vulnerabilities
2023-12-01 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.004
Percentile
71.9%
Related for NVD:CVE-2023-3533