Description

A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.

Remediation

References

CVE-2022-27426

Related Vulnerabilities

WordPress Plugin Visitor Traffic Real Time Statistics Cross-Site Request Forgery (1.12)

Oracle JRE CVE-2018-2825 Vulnerability (CVE-2018-2825)

phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15732)

WordPress Plugin WP Mega Menu Security Bypass (1.4.0)

e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-15901)

Severity

High

Classification

CVE-2022-27426 CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities