Description
Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-2436 Vulnerability (CVE-2013-2436)
PHP Address Book Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-2778)
WordPress Plugin Classified Listing Pro & Directory Cross-Site Scripting (2.0.19)
WordPress Plugin Responsive Slider-Image Slider-Slideshow for WordPress SQL Injection (2.8.6)
Moodle Incorrect Authorization Vulnerability (CVE-2024-48901)