CVE-2018-25158
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability in the elfinder filemanager module. Authenticated users can upload files (with image headers) in the social myfiles area, rename them to PHP extensions, and execute arbitrary code by accessing the uploaded files. Impact is high fo...