Description

A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.

Remediation

References

CVE-2022-27426

Related Vulnerabilities

WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (5.0.05)

WordPress Plugin Export any WordPress data to XML/CSV SQL Injection (1.3.4)

OpenSSL Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-3711)

WordPress 4.5.x PHP Object Injection (4.5 - 4.5.23)

D3.js Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-16044)

Severity

High

Classification

CVE-2022-27426 CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities