8.8
CVE-2026-32931
- EPSS 0.5%
- Veröffentlicht 10.04.2026 17:50:40
- Zuletzt bearbeitet 17.04.2026 21:27:59
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Chamilo LMS has Arbitrary File Upload via MIME-Only Validation in Exercise Sound Upload Leads to RCE
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type header to audio/mpeg. The uploaded file retains its original .php extension and is placed in a web-accessible directory, enabling Remote Code Execution as the web server user (www-data). This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Chamilo ≫ Chamilo Lms Version < 1.11.38
Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha1
Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha2
Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha3
Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha4
Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha5
Chamilo ≫ Chamilo Lms Version2.0.0 Updatebeta1
Chamilo ≫ Chamilo Lms Version2.0.0 Updatebeta2
Chamilo ≫ Chamilo Lms Version2.0.0 Updatebeta3
Chamilo ≫ Chamilo Lms Version2.0.0 Updaterc1
Chamilo ≫ Chamilo Lms Version2.0.0 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.385 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security-advisories@github.com | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-863j-h6pf-3xhx
https://github.com/chamilo/chamilo-lms/commit/8cbe660de267f2b6ed625433bdfcf38dee8752b4
https://github.com/chamilo/chamilo-lms/commit/d5ef5153df3d1b2de112cbeb190cdd10bea457f3