Description
Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads Security Bypass (2.2.5)
WordPress Plugin WooCommerce-Store Exporter Multiple Cross-Site Scripting Vulnerabilities (1.7.5)
Oracle JRE CVE-2018-2677 Vulnerability (CVE-2018-2677)
WordPress Plugin Easy Testimonials Cross-Site Scripting (3.0.4)