CVE-2023-34944

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to upload malicious SVG files to Chamilo LMS, which can lead to remote code execution. It affects Chamilo 1.11.* versions up to v1.11.18. Attackers can exploit this without authentication to compromise the server.

💻 Affected Systems

Products:
  • Chamilo LMS
Versions: 1.11.* up to v1.11.18
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /fileUpload.lib.php component. Requires file upload functionality to be enabled.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise leading to data theft, ransomware deployment, or use as a foothold for lateral movement within the network.

🟠

Likely Case

Webshell installation allowing persistent access, data exfiltration, or defacement of the Chamilo instance.

🟢

If Mitigated

Limited impact if file uploads are disabled or strict file type validation is implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation involves uploading a crafted SVG file containing malicious code. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.11.19 and later

Vendor Advisory: https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-113-2023-05-31-Low-impact-Low-risk-XSS-through-SVG

Restart Required: No

Instructions:

1. Back up your Chamilo installation and database.
2. Download the latest version from chamilo.org.
3. Replace the affected files with the patched versions.
4. Verify the fix by checking the version.

🔧 Temporary Workarounds

Disable SVG uploads

Operating Systems: all

Modify the Chamilo configuration to block SVG file uploads entirely.

Edit the Chamilo configuration to remove 'svg' from the allowed file types.

Implement WAF rules

Operating Systems: all

Add web application firewall rules to block malicious SVG uploads.

Add a WAF rule that blocks requests to 'fileUpload.lib.php' carrying SVG content.

🧯 If You Can't Patch

  • Disable the file upload functionality in Chamilo completely.
  • Implement strict network segmentation to isolate the Chamilo server from critical assets.

🔍 How to Verify

Check if Vulnerable:

Check if Chamilo version is 1.11.18 or earlier and file upload is enabled.

Check Version:

Check Chamilo admin panel or main configuration file for version number.

Verify Fix Applied:

Verify Chamilo version is 1.11.19 or later and test SVG upload functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /fileUpload.lib.php
  • SVG files with suspicious content (e.g., PHP code, JavaScript)

Network Indicators:

  • HTTP POST requests to fileUpload.lib.php with SVG files
  • Unusual outbound connections from Chamilo server

SIEM Query:

source="web_logs" AND uri="/fileUpload.lib.php" AND file_type="svg"
