CVE-2023-4220
A vulnerability has been found in Chamilo LMS up to 1.11.24 (Content Management System) and classified as critical. Affected by this vulnerability is an unknown code in the library /main/inc/lib/javascript/bigupload/inc/bigUpload.php. The manipulation with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434. The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment. As an impact it is known to affect confidentiality, integrity, and availability.
Exploit
Found an exploit online