Description
Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.
Remediation
References
Related Vulnerabilities
WordPress Plugin Xerte Online 'save.php' Arbitrary File Upload (0.32)
WordPress Plugin WP Fastest Cache Multiple Vulnerabilities (0.8.5.7)
Atlassian Jira Uncontrolled Search Path Element Vulnerability (CVE-2019-20419)
WordPress Plugin Contact Form DB Cross-Site Scripting (2.8.19)
Jboss EAP Incomplete List of Disallowed Inputs Vulnerability (CVE-2018-7489)