CVE-2022-27426
HIGHChamilo LMS 1.11.0-1.11.15 - Server-Side Request Forgery via Crafted Phar File
Title source: llmDescription
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://support.chamilo.org/projects/1/wiki/Security_issues
Scores
CVSS v3
8.8
EPSS
0.0078
EPSS Percentile
51.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-918
Status
published
Products (1)
chamilo/chamilo_lms
1.11.0 - 1.11.16
Published
Apr 15, 2022
Tracked Since
Feb 18, 2026