CVE-2023-4225

Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt