Name of the Vulnerable Software and Affected Versions:

Chamilo LMS versions prior to 1.11.24

Description:

The issue allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell, specifically through the big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php`. This has been exploited in real-world incidents, such as the PermX machine on HackTheBox, where attackers used subdomain enumeration to discover a vulnerable Chamilo LMS instance, and then abused a bash script with sudo privileges to gain root access.

Recommendations:

For versions prior to 1.11.24, update to version 1.11.24 or later to resolve the issue. As a temporary workaround, consider disabling the big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` until a patch is available. Restrict access to the `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` file to minimize the risk of exploitation. Avoid using the big file upload functionality until the issue is resolved.