## https://sploitus.com/exploit?id=D2D10D0A-EC4F-55EC-9CCA-A15C895D3113
# CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
## original exploit:
https://github.com/H4cking4All/CVE-2023-4220
## Improvments
* Forced over Tor
* UserAgent tumbling
* Removed the reverse shell
* New command parameters
* WAF bypass
* Command input/output logging
## If it dosen't work tell me because I copied the original and haven't tryed it on a vulnerable computer.