## https://sploitus.com/exploit?id=07205B10-CC60-50B1-98AD-5F6D830FBBF0
# Proof of concept exploit for CVE-2023-4220
- *Affected product*: Chamilo <= 1.11.24
This CVE abuses an unathenticated file upload vulnerability in Chamilo 1.11.24 and lower.
An attacker has the ability to upload PHP files with no restrictions, leading to RCE.
## How to use
```bash
python3 exploit.py -u URL -c COMMAND
```
## Showcase
<img style="align: center" src="cve-2023-4220.gif"/>