Description

A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.

Remediation

References

CVE-2022-27426

Related Vulnerabilities

WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0126)

Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-10003)

MySQL Numeric Errors Vulnerability (CVE-2010-3835)

OpenSSL Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2022-2068)

Severity

High

Classification

CVE-2022-27426 CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities