8.8

CVE-2026-29041

EPSS 0.16%
Veröffentlicht 06.03.2026 03:32:37
Zuletzt bearbeitet 09.03.2026 20:20:58
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not adequately validate file extensions or enforce safe server-side storage restrictions. As a result, an authenticated low-privileged user can upload a crafted file containing executable code and subsequently execute arbitrary commands on the server. This issue has been patched in version 1.11.34.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Chamilo ≫ Chamilo Lms Version < 1.11.34

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.366

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.34

Product

Release Notes

https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4pc3-4w2v-vwx8

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2026-29041

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-29041

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-29041

EUVD