Description
Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with the learner role to obtain remote code execution by uploading PHP files.
Remediation
References