Summary Product Chamilo Vendor Chamilo Severity High - Adversaries may exploit software vulnerabilities to obtain unauthenticated remote code execution. Affected Versions <= v1.11.24 Tested Versions v1.11.24 (latest version as of writing) CVE Identifier CVE-2023-4220 CVE Description Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting ...
