Analysis #7228

open

upload security issues

Added by Anonymous over 8 years ago. Updated over 8 years ago.

Status: New
Priority: Urgent
Assignee: -
Target version: -
Start date: 12/08/2014
Due date:
% Done: 0%
Estimated time:

Description

Any visitor (anonymously) can upload files to chamilo-user folders via repository/php/ajax/upload_image.class.php. It suffices to send an HTTP POST request to chamilo's ajax.php with the following parameters:
context=repository
method=upload_image
user_id=<any user id>
Filedata=<arbitrary file>

This allows DoS attacks by flooding the server's filesystem, or attacks on specific users by flooding their folder and surpassing their quotas.

Secondly, common/libraries/plugin/jquery-old/uploadify2/example/scripts/uploadify.php contains example code that allows users to upload arbitrary files to arbitrary locations within a chamilo installation. The example script folder should be removed, or the move_uploaded_file line should be commented out.
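The two handler patterns the report describes, side by side, as an added illustration: this is hypothetical example code written for this page, not Chamilo's upload_image.class.php or the uploadify.php script, and every function name, path and constant in it is assumed. The weak handler takes user_id and the filename from the request and writes wherever they point; the hardened one derives the target folder from the authenticated session, checks the quota before writing, verifies the bytes are an image, and generates the filename server-side so the client cannot choose the write location.

```php
<?php
// Added example (not Chamilo's code). All names, paths and limits here are
// hypothetical; they show the fix pattern, not the project's actual API.

declare(strict_types=1);

// --- Weak pattern: the shape the report describes --------------------------
// No session check, and the target folder is chosen by the client via
// user_id, so an anonymous POST can fill any user's folder.
function weak_upload_image(array $post, array $files, string $baseDir): string
{
    $userId = $post['user_id'];                                // attacker-controlled
    $target = $baseDir . '/' . $userId . '/' . $files['Filedata']['name'];
    move_uploaded_file($files['Filedata']['tmp_name'], $target);
    return $target;
}

// --- Hardened pattern -------------------------------------------------------
final class UploadError extends RuntimeException {}

function hardened_upload_image(array $files, string $baseDir, ?int $sessionUserId, int $quotaBytes): string
{
    // 1. Require an authenticated session. The destination folder comes from
    //    the session, never from a request parameter.
    if ($sessionUserId === null) {
        throw new UploadError('authentication required');
    }
    $userDir = $baseDir . '/' . $sessionUserId;

    // 2. Accept only a genuine PHP upload that completed without error.
    $f = $files['Filedata'] ?? null;
    if ($f === null || $f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
        throw new UploadError('no valid upload');
    }

    // 3. Enforce the per-user quota before anything is written.
    $used = 0;
    foreach (glob($userDir . '/*') ?: [] as $existing) {
        if (is_file($existing)) {
            $used += filesize($existing);
        }
    }
    if ($used + (int) $f['size'] > $quotaBytes) {
        throw new UploadError('quota exceeded');
    }

    // 4. Decide the type from the file bytes, not from the client-supplied
    //    name or MIME header.
    $allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if ($mime === false || !isset($allowed[$mime])) {
        throw new UploadError('not an image');
    }

    // 5. Generate the filename server-side so "../" or odd characters in the
    //    client filename can never steer the write location.
    $target = $userDir . '/' . bin2hex(random_bytes(16)) . '.' . $allowed[$mime];

    if (!is_dir($userDir) && !mkdir($userDir, 0750, true)) {
        throw new UploadError('cannot create user directory');
    }
    if (!move_uploaded_file($f['tmp_name'], $target)) {
        throw new UploadError('move failed');
    }
    return $target;
}

// Usage sketch with a hypothetical session variable and a 50 MiB quota:
// $uid = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
// echo hardened_upload_image($_FILES, '/var/www/example/files/users', $uid, 50 * 1024 * 1024);
```

The same checks cover the second finding: a leftover example script that calls move_uploaded_file with a client-chosen path is the weak pattern above with no authentication and no fixed base directory, which is why removing the folder (or the move_uploaded_file call) is the right fix rather than trying to sanitise the path in place.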
