Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-4220 PoC — Chamilo LMS Unauthenticated Big Upload File Remote Code Execution

Source
https://github.com/N1ghtfallXxX/CVE-2023-4220
Associated Vulnerability
Title:Chamilo LMS Unauthenticated Big Upload File Remote Code Execution (CVE-2023-4220)
Description:Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Description
Chamilo LMS Unauthenticated Remote Code Execution
Readme
# Chamilo LMS Unauthenticated Remote Code Execution Exploit (CVE-2023-4220)

## Overview

This repository contains a Bash script that exploits an unauthenticated remote code execution (RCE) vulnerability in Chamilo LMS via arbitrary file write. The vulnerability is identified as CVE-2023-4220. This exploit allows an attacker to execute arbitrary commands on the target server by uploading a malicious PHP file.

## Prerequisites

- A vulnerable Chamilo LMS instance.
- A listener to catch the reverse shell (e.g., using Netcat).

## Exploit Details

- **Vulnerability**: CVE-2023-4220
- **Source**: [StarLabs Advisory](https://starlabs.sg/advisories/23/23-4220/)

## Usage

1. **Clone the repository**:
   ```bash
   git clone https://github.com/N1ghtfallXxX/CVE-2023-4220
   cd CVE-2023-3533
   chmod +x exploit.sh
   ./exploit.sh
   
# Disclaimer
This script is intended for educational purposes only. Unauthorized use of this script on systems without permission is illegal and unethical. Use responsibly and only on systems for which you have explicit permission.
File Snapshot

 [4.0K]  /data/pocs/4eb9d1bc4be550ebe9a9dd5ec6f0f8ddee8f985e
├── [4.3K]  chamilo-rce.py
├── [ 907]  exploit.sh
└── [1.0K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →