Project

General

Profile

Analysis #7228

upload security issues

Added by Anonymous almost 6 years ago. Updated almost 6 years ago.

Status:
New
Priority:
Urgent
Assignee:
-
Target version:
-
Start date:
12/08/2014
Due date:
% Done:

0%

Estimated time:

Description

Any visitor (anonymously) can upload files to chamilo-user folders via repository/php/ajax/upload_image.class.php. It suffices to send an HTTP POST request to chamilo's ajax.php with the following parameters:
context=repository
method=upload_image
user_id=<any user id>
Filedata=<arbitrary file>

This allows DoS attacks by flooding the servers filesystem, or attacks on specific users by flooding their folder and surpassing their quotas.

Secondly, common/libraries/plugin/jquery-old/uploadify2/example/scripts/uploadify.php contains example code that allows users to upload arbitrary files to arbitrary locations within a chamilo installation. The example script folder should be removed, or the move_uploaded_file line should be commented out.

History

#1

Updated by Anonymous almost 6 years ago

Similar bug. common/extensions/external_repository_manager/implementation/soundcloud/plugin/soundcloud/demo/index.php allows flooding the server with arbitrary audio files.

The demo script should be removed from the repository.

#2

Updated by Anonymous almost 6 years ago

  • Project changed from Chamilo LCMS Connect to Core
#3

Updated by Anonymous almost 6 years ago

same issue in common/extensions/external_repository_manager/implementation/soundcloud/plugin/soundcloud/demo/index.php

Also available in: Atom PDF