CVE-2023-4222: 
Chamilo vulnerability analysis and mitigation

CVE-2023-4222 is a command injection vulnerability discovered in Chamilo LMS versions up to and including v1.11.24. The vulnerability exists in the main/lp/openoffice_text_document.class.php file and was disclosed on November 28, 2023. The vulnerability affects users who have permissions to upload Learning Paths in the Chamilo LMS system (STAR Labs Advisory).

The vulnerability stems from improper neutralization of special characters in the OpenofficeTextDocument class. The issue occurs when processing file names in the Learning Path upload functionality. The vulnerability manifests when $this->file_name is used to construct shell commands without proper sanitization. The CVSS v3.1 base score is 7.2 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:N/C:H/I:H/A:H, indicating network accessibility with high privileges required (STAR Labs Advisory).

Successful exploitation of this vulnerability allows authenticated users with permissions to upload Learning Paths to execute arbitrary commands on the target server with the web server's privileges. This could lead to complete system compromise, including the ability to read, write, or delete files and execute malicious code (STAR Labs Advisory).

The vulnerability has been patched in version 1.11.26. The fix involves proper implementation of escapeshellarg() to escape user input used in shell commands. Users are strongly encouraged to upgrade to the latest version of Chamilo. For detection, administrators should monitor server access logs for suspicious requests to /main/lp/lp_upload.php and related endpoints (STAR Labs Advisory, GitHub Patch).