Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/42xxx/CVE-2022-42029.json",
"cna_assigner": "mitre"
}