CVE-2022-27426

Name of the Vulnerable Software and Affected Versions Chamilo LMS version 1.11.13

Description A Server-Side Request Forgery (SSRF) issue allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.

Recommendations For Chamilo LMS version 1.11.13, consider disabling the functionality that allows the execution of Phar files until a patch is available. Restrict access to internal network resources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.