Description
An unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with the learner role to obtain remote code execution by uploading PHP files.
Remediation
References