Path traversal in file upload functionality in /main/webservices/additional_webservices.php
in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write.