CVE-2023-3545
CVE-2023-3545 is a critical-severity vulnerability in Chamilo with a CVSS 3.x base score of 9.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-178.
Key facts
- Severity: Critical (CVSS 3.x base score 9.8)
- EPSS exploit prediction: 2% (78th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-178
- Affected product: Chamilo
- Published:
- Last modified:
Description
Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution.
Frequently asked questions
- What is CVE-2023-3545?
- Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution.
- How severe is CVE-2023-3545?
- CVE-2023-3545 has a CVSS 3.x base score of 9.8, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2023-3545 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (78th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-3545?
- CVE-2023-3545 affects Chamilo. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2023-3545?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2023-3545 published?
- CVE-2023-3545 was published on 2023-11-28 and last updated on 2026-06-17.
References
- https://github.com/chamilo/chamilo-lms/commit/dc7bfce429fbd843a95a57c184b6992c4d709549
- https://starlabs.sg/advisories/23/23-3545/
- https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-125-2023-07-13-Critical-impact-Moderate-risk-Htaccess-File-Upload-Security-Bypass-on-Windows-CVE-2023-3545
Affected products (1)
- cpe:2.3:a:chamilo:chamilo:*:*:*:*:*:*:*:*
More vulnerabilities in Chamilo
- CVE-2023-3533 — Critical (CVSS 9.8): Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <=…
- CVE-2023-3368 — Critical (CVSS 9.8): Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated…
- CVE-2023-34960 — Critical (CVSS 9.8): A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to…
- CVE-2021-34187 — Critical (CVSS 9.8): main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2…
- CVE-2022-42029 — High (CVSS 8.8): Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users…
- CVE-2022-40407 — High (CVSS 8.8): A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a…
Other CWE-178 vulnerabilities
- CVE-2026-54763 — Critical (CVSS 10.0): Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth,…
- CVE-2026-40453 — Critical (CVSS 9.9): The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such…
- CVE-2026-47323 — Critical (CVSS 9.8): Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative…
- CVE-2024-5699 — Critical (CVSS 9.8): In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by…
- CVE-2022-29604 — Critical (CVSS 9.8): An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which…
- CVE-2020-12812 — Critical (CVSS 9.8): An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a…