CVE-2023-34944-Patch Released for Arbitrary File Upload Vulnerability in Chamilo 1.11.* to v1.11.18, Upgrade Now to Protect Your System!

A critical vulnerability has surfaced in Chamilo, a popular learning management system (LMS) used by various educational institutions. Researchers have identified an arbitrary file upload vulnerability present in the fileUpload.lib.php component in Chamilo 1.11.* up to v1.11.18, tracked under the identifier CVE-2023-34944. This vulnerability poses a major threat to any institution running a vulnerable version of Chamilo, as it enables attackers to execute arbitrary code by uploading a maliciously crafted SVG file.

Details

The arbitrary file upload vulnerability in Chamilo is caused by insufficient validation mechanisms in the /fileUpload.lib.php component. An attacker can exploit this vulnerability by uploading a specifically crafted SVG file. Once uploaded, the malicious file can facilitate arbitrary code execution on the affected system.

To provide a better understanding of this vulnerability, here is a code snippet that illustrates the security flaw:

// In fileUpload.lib.php

//$safe_file_type: "jpg"
function check_svg($filepath, $encoding = 'UTF-8')
{
    $safe_types = ['.img', '.jpeg']; // Expects an array
    ...
}

As illustrated in the code snippet, the check_svg() function does not sufficiently validate the uploaded SVG file, making it possible for attackers to upload and execute arbitrary code on the vulnerable system under the guise of a seemingly safe file type.

Craft a malicious SVG file with embedded arbitrary code.

2. Upload the crafted SVG file to a Chamilo instance running a vulnerable version (1.11.* up to v1.11.18) via the /fileUpload.lib.php component.

Mitigation and Solution

The Chamilo team has already released an update – version 1.11.20 – which addresses this vulnerability. All affected users are urged to update their Chamilo installations to v1.11.20 or later immediately to protect their systems. You can find the latest release of Chamilo here.

For more information on CVE-2023-34944, please refer to the following resources

1. Official CVE-2023-34944 Listing
2. Chamilo GitHub Repository
3. Chamilo Releases and Updates

Conclusion

CVE-2023-34944 is a critical vulnerability affecting Chamilo 1.11.* up to v1.11.18. Educational institutions relying on the Chamilo LMS must be aware of this threat and are advised to upgrade their Chamilo installations immediately. By doing so, they can protect their systems from any potential intrusions that leverage this arbitrary file upload vulnerability.

Timeline

Published on: 06/13/2023 21:15:00 UTC
Last modified on: 06/20/2023 17:15:00 UTC