{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T01:36:21.946","vulnerabilities":[{"cve":{"id":"CVE-2023-4224","sourceIdentifier":"info@starlabs.sg","published":"2023-11-28T08:15:09.213","lastModified":"2024-11-21T08:34:39.590","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files."},{"lang":"es","value":"La carga de archivos sin restricciones en `/main/inc/ajax/dropbox.ajax.php` en Chamilo LMS en versiones &lt;= 1.11.24 permite a atacantes autenticados con rol de aprendizaje obtener la ejecución remota de código mediante la carga de archivos PHP."}],"metrics":{"cvssMetricV31":[{"source":"info@starlabs.sg","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"info@starlabs.sg","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*","versionEndIncluding":"1.11.24","matchCriteriaId":"3CA5310C-E5B0-4369-BC5A-F56EBED72EBA"}]}]}],"references":[{"url":"https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4","source":"info@starlabs.sg","tags":["Patch"]},{"url":"https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f","source":"info@starlabs.sg","tags":["Patch"]},{"url":"https://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a","source":"info@starlabs.sg","tags":["Patch"]},{"url":"https://starlabs.sg/advisories/23/23-4224","source":"info@starlabs.sg","tags":["Exploit","Third Party Advisory"]},{"url":"https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226","source":"info@starlabs.sg","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://github.com/chamilo/chamilo-lms/commit/6f32625a012d5de2dfe8edbccb4ed14a85e310d4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/chamilo/chamilo-lms/commit/e864127a440c2cab0eb62c113a04e2e904543a1f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/chamilo/chamilo-lms/commit/f3d62b65ad60d68096c2674d5695339f04de0b8a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://starlabs.sg/advisories/23/23-4224","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-129-2023-09-04-Critical-impact-Moderate-risk-Authenticated-users-may-gain-unauthenticated-RCE-CVE-2023-4223CVE-2023-4224CVE-2023-4225CVE-2023-4226","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}