Unrestricted file upload in big file upload functionality...
High severity
Unreviewed
Published
Nov 28, 2023
to the GitHub Advisory Database
•
Updated Nov 28, 2023
Description
Published by the National Vulnerability Database
Nov 28, 2023
Published to the GitHub Advisory Database
Nov 28, 2023
Last updated
Nov 28, 2023
Unrestricted file upload in big file upload functionality in
/main/inc/lib/javascript/bigupload/inc/bigUpload.php
in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.References