Chamilo Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2023-3533
Path traversal in file upload functionality in /main/webservices/additional_webservices.php in Chamilo LMS lt v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write.