How severe is CVE-2021-31933?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2021-31933?

This is classified as CWE-706, which is a common weakness in software security.

CVE-2021-31933 - HIGH Severity | CVSS 7.2

Vulnerability Description

A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.

Related Vulnerabilities

CVE-2019-17575

HIGH

CVSS:7.2(High)

A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extensio...

CWE-7062019

CVE-2019-9616

HIGH

CVSS:7.2(High)

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor...

CWE-7062019

CVE-2022-29445

HIGH

CVSS:7.2(High)

Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress.

CWE-7062022

CVE-2020-26233

HIGH

CVSS:7.3(High)

Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively clon...

CWE-7062020

CVE-2019-19921

HIGH

CVSS:7.0(High)

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with...

CWE-7062019

CVE-2023-27561

HIGH

CVSS:7.0(High)

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with cus...

CWE-7062023