CVE-2022-42029

HIGH

Chamilo - Unrestricted File Upload

Title source: rule

Description

Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.

References (1)

Core 1

Core References

Issue Tracking, Vendor Advisory

https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-95-2022-09-14-High-impact-Moderate-risk-Authenticated-Local-file-inclusion

Scores

CVSS v3 8.8

EPSS 0.0043

EPSS Percentile 62.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (1)

chamilo/chamilo 1.11.16

Published Oct 17, 2022

Tracked Since Feb 18, 2026