Chamilo LMS v1.11.13 SSRF Vulnerability Allows Network Enumeration and Command Execution via Crafted Phar File

CVE-2022-27426 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.
