CVE-2023-4220: 
Chamilo vulnerability analysis and mitigation

CVE-2023-4220 affects Chamilo LMS versions up to and including v1.11.24. The vulnerability exists in the big file upload functionality located at /main/inc/lib/javascript/bigupload/inc/bigUpload.php, which allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution through web shell uploads (STAR Labs, NVD).

The vulnerability stems from improper file upload validation in the postUnsupported() method. The code accepts user-supplied filenames without sanitization and moves uploaded files to an accessible directory within the web root. The CVSS v3.1 base score is 8.1 (High) with vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) (STAR Labs).

Successful exploitation allows attackers to achieve unauthenticated remote code execution with www-data privileges and perform stored cross-site scripting attacks. The vulnerability affects confidentiality, integrity, and availability of the system, all rated as High in the CVSS scoring (STAR Labs, AttackerKB).

The vulnerability was patched in version 1.11.26. The fix includes proper sanitization of user-supplied filenames using disabledangerousfile() and apireplacedangerous_char() functions. Additional recommended mitigations include adding .htaccess rules to disallow direct access to the /files directory and prevent MIME sniffing (STAR Labs).