Description
Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-2429 Vulnerability (CVE-2013-2429)
WordPress Plugin Image Widget Unspecified Vulnerability (4.1.2)
WordPress Plugin Zip Attachments Arbitrary File Download (1.4)
MediaWiki Missing Authentication for Critical Function Vulnerability (CVE-2019-12468)
Python Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2019-9740)