CVE-2023-4220 Scanner
CVE-2023-4220 Scanner - Remote Code Execution vulnerability in Chamilo LMS
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 20 days 12 hours
Scan only one: Domain, IPv4
Toolbox: -
Chamilo LMS is an open-source learning management system aimed at education and training professionals, enabling them to deliver courses and manage learning activities. It is used worldwide by educational institutions, by corporations for employee training, and by independent educators. The platform supports online courses, assignments, and assessments, and it facilitates both synchronous and asynchronous learning. Chamilo's open-source nature allows customization and fosters a community of developers who contribute to its evolution. It also integrates several third-party apps and tools, providing users with a flexible learning environment. Given its wide user base, the security of the platform is pivotal to maintaining user trust and data integrity.
The Remote Code Execution (RCE) vulnerability in Chamilo LMS 1.24 arises from unrestricted file uploads via the big file upload functionality. An attacker exploits the flaw by uploading a malicious web shell through the upload script and can then execute arbitrary code with the same privileges as the web server user, potentially compromising the entire system. The root cause is the absence of strict validation and filtering of uploaded files, which allows malicious scripts to be deployed. Exploiting this flaw could allow unauthorized access to and control over the affected Chamilo LMS instances. The vulnerability highlights the critical need for secure file handling mechanisms within web applications.
The vulnerability is present in the file upload functionality located at `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` within Chamilo LMS. The endpoint fails to properly validate the type and content of uploaded files, permitting attackers to upload files that can execute code on the server. The uploaded file can be accessed and executed if the attacker constructs requests that are successfully processed by the vulnerable endpoint. The `bigUploadFile` parameter is exploited by specifying a file name with a payload that the system stores and later processes, enabling code execution. Restricting uploads to permitted file types and checking file contents should have been in place to prevent this type of attack.
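Asset owners can triage exposure by checking web server access logs for requests to the endpoint named above. The following is an added example, not code from the scanner or from Chamilo; it assumes combined log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

# Endpoint path as named on this page, lowercased for comparison.
UPLOAD_ENDPOINT = "/main/inc/lib/javascript/bigupload/inc/bigupload.php"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def canonical_path(target):
    """Normalise a request target so encoded or padded paths still match."""
    path = target.split("?", 1)[0]          # drop the query string
    for _ in range(2):                      # undo single and double percent-encoding
        path = unquote(path)
    path = path.replace("\\", "/").lstrip("/")
    return normpath("/" + path).lower()     # collapse "//" and "../", ignore case

def find_upload_hits(lines):
    """Return {client_ip: [(timestamp, method, status), ...]} for the upload endpoint."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        # endswith() also covers installs under a sub-directory such as /lms/
        if m and canonical_path(m["target"]).endswith(UPLOAD_ENDPOINT):
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

def accepted_uploads(hits):
    """Client IPs with at least one POST that the server answered with 2xx."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(meth == "POST" and 200 <= st < 300 for _, meth, st in reqs))

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "POST /main/inc/lib/javascript/bigupload/inc/bigUpload.php?x=1 HTTP/1.1" 200 31 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "POST /lms//main/inc/lib/javascript/bigupload/inc/%62igUpload.php HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /main/inc/lib/javascript/bigupload/inc/bigUpload.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(accepted_uploads(find_upload_hits(SAMPLE_LOG)))
```

A 2xx POST to this endpoint is a triage signal rather than proof of compromise; it identifies the clients and timestamps to investigate further.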
Exploitation of this vulnerability allows attackers to execute arbitrary code on the target server, which can lead to multiple adverse outcomes. The potential effects include unauthorized access to sensitive educational data, defacement of web portals, creation or deletion of user accounts, and installation of malicious software. It could further facilitate lateral movement within a network, leading to broader compromises across connected systems or services. The vulnerability might also be leveraged to establish persistent backdoors, making further intrusions easier for attackers. Institutions relying on Chamilo LMS could face data breaches, financial loss, and reputational damage if this vulnerability is exploited.