CVE-2021-32925: Fix XML import user_import.php results page · chamilo/chamilo-lms@e71437c

admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities.

CVE
#php

@@ -1,4 +1,5 @@ <?php
/* For licensing terms, see /license.txt */
use Chamilo\CoreBundle\Entity\ExtraFieldOptions; @@ -13,7 +14,6 @@ // Set this option to true to enforce strict purification for usenames. $purification_option_for_usernames = false; $userId = api_get_user_id();
api_protect_admin_script(true, null); api_protect_limit_for_session_admin(); set_time_limit(0); @@ -220,7 +220,6 @@ function save_data($users, $sendMail = false) if (!isset($inserted_in_course)) { $inserted_in_course = []; }
$usergroup = new UserGroup(); if (is_array($users)) { $efo = new ExtraFieldOption(‘user’); @@ -433,10 +432,9 @@ function parse_csv_data($users, $fileName, $sendEmail = 0, $checkUniqueEmail = t * * @return array All user information read from the file */ function parse_xml_data($file) function parse_xml_data($file, $sendEmail = 0, $checkUniqueEmail = true) { $crawler = new \Symfony\Component\DomCrawler\Crawler(); $crawler->addXmlContent(file_get_contents($file)); $crawler = Import::xml($file); $crawler = $crawler->filter('Contacts > Contact '); $array = []; foreach ($crawler as $domElement) { @@ -451,6 +449,16 @@ function parse_xml_data($file) } }
Session::write( 'user_import_data_’.api_get_user_id(), [ ‘check_unique_email’ => $checkUniqueEmail, ‘send_email’ => $sendEmail, ‘date’ => api_get_utc_datetime(), ‘log_messages’ => '’, ] );
return $array; }
@@ -548,7 +556,11 @@ function processUsers(&$users, $sendMail) $users = validate_data($users, $checkUniqueEmail); $error_kind_file = false; } elseif (strcmp($file_type, ‘xml’) === 0 && $ext_import_file == $allowed_file_mimetype[1]) { $users = parse_xml_data($_FILES[‘import_file’][‘tmp_name’]); $users = parse_xml_data( $_FILES[‘import_file’][‘tmp_name’], $sendMail, $checkUniqueEmail ); $users = validate_data($users, $checkUniqueEmail); $error_kind_file = false; } @@ -590,15 +602,17 @@ function processUsers(&$users, $sendMail) $formContinue = false; $resumeStop = true; if (!empty($importData)) { $isResume = $importData[‘resume’]; $isResume = $importData[‘resume’] ?? false;
$formContinue = new FormValidator('user_import_continue’, ‘post’, api_get_self()); $label = get_lang(‘Results’); if ($isResume) { $label = get_lang(‘ContinueLastImport’); } $formContinue->addHeader($label); $formContinue->addLabel(get_lang(‘File’), $importData[‘filename’]); if (isset($importData[‘filename’])) { $formContinue->addLabel(get_lang(‘File’), $importData[‘filename’] ?? ‘’); }
$resumeStop = true; if ($isResume) { @@ -614,10 +628,12 @@ function processUsers(&$users, $sendMail) $importData[‘counter’].’ / '.count($importData[‘complete_list’]) ); } else { $formContinue->addLabel( get_lang(‘Users’), count($importData[‘complete_list’]) ); if (!empty($importData[‘complete_list’])) { $formContinue->addLabel( get_lang(‘Users’), count($importData[‘complete_list’]) ); } }
$formContinue->addLabel(
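Review bot: In the parse_xml_data hunk (@@ -433,10 +432,9 @@), the whole XXE mitigation rests on `$crawler = Import::xml($file);` replacing the direct `$crawler->addXmlContent(file_get_contents($file));`, yet Import::xml is not part of this diff, so the review needs to confirm that it parses with external entity loading disabled (no LIBXML_NOENT / substituteEntities, and libxml_disable_entity_loader(true) on PHP versions that still need it) and that a regression test feeding a file with an external DTD entity produces no entity expansion. The signature also gains `$sendEmail = 0, $checkUniqueEmail = true`, but the docblock above it still carries only `@return array`; add `@param` lines for both new parameters.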
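Review bot: In the results-form hunk (@@ -590,15 +602,17 @@), the `?? ''` on `$importData['filename']` is redundant: the enclosing `if (isset($importData['filename']))` already guarantees the key exists and is non-null. Either drop the isset guard and keep the null coalescing, or keep the guard and pass `$importData['filename']` directly, so the intent is stated once.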
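Review bot: In the last hunk (@@ -614,10 +628,12 @@), the `else` branch now wraps `count($importData['complete_list'])` in `if (!empty($importData['complete_list']))`, but the `if ($isResume)` branch visible in the leading context still reads `$importData['counter']` and `count($importData['complete_list'])` unguarded, so a resumed import whose session data lacks either key still raises an undefined-index notice and, on PHP 8, a TypeError from count(null). Apply the same defensive treatment there (`?? 0` / `?? []`), or initialise both keys when the session data is first written.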

Related news

CVE-2023-4220: Security issues - Chamilo LMS

Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.

CVE-2023-4226: Security issues - Chamilo LMS

Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

CVE-2023-3533: Security issues - Chamilo LMS

Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write.

CVE-2023-3545: Security issues - Chamilo LMS

Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution.

CVE-2023-39582: Security issues - Chamilo LMS

SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions.

CVE-2023-37067: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section.

CVE-2023-37065: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section.

CVE-2023-37064: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.

CVE-2023-37063: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section.

CVE-2023-34958: Security issues - Chamilo LMS

Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.

CVE-2023-34959: Security issues - Chamilo LMS

An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.

CVE-2023-34961: Security issues - Chamilo LMS

Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.

CVE-2023-31800: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.

CVE-2023-31801: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.

CVE-2023-31802: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.

CVE-2023-31804: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters.

CVE-2022-42029: Security issues - Chamilo LMS

Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.

CVE-2022-40407: Security issues - Chamilo LMS

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.
