PT-2022-26210 · Chamilo · Chamilo

Published: 2022-10-17 · Updated: 2022-10-19 · CVE-2022-42029

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Chamilo version 1.11.16

Description: The issue allows authenticated users with access to 'big file uploads' to copy or move files from anywhere in the file system into the web directory. This is due to an authenticated local file inclusion vulnerability.

Recommendations: For Chamilo version 1.11.16, consider restricting access to the 'big file uploads' feature to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability of authenticated users to copy or move files into the web directory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2022-42029

Affected Products

Chamilo