Authenticated Local File Inclusion in Chamilo by Chamilo Foundation
CVE-2022-42029

8.8HIGH

Key Information:

Vendor: Chamilo
Status: Chamilo
Vendor: CVE Published:; 17 October 2022

What is CVE-2022-42029?

Chamilo 1.11.16 contains a vulnerability that allows authenticated users who have access to 'big file uploads' to perform authenticated local file inclusion. This could enable users to copy or move files from any location in the file system into the web directory, potentially leading to unauthorized access and manipulation of sensitive files.

References

https://support.chamilo.org/projects/1/wiki/Security_issu...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2022
Vulnerability Reserved
Oct 3, 2022