8.8

CVE-2026-32931

EPSS 0.16%
Veröffentlicht 10.04.2026 17:50:40
Zuletzt bearbeitet 17.04.2026 21:27:59
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type header to audio/mpeg. The uploaded file retains its original .php extension and is placed in a web-accessible directory, enabling Remote Code Execution as the web server user (www-data). This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Chamilo ≫ Chamilo Lms Version < 1.11.38

Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha1

Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha2

Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha3

Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha4

Chamilo ≫ Chamilo Lms Version2.0.0 Updatealpha5

Chamilo ≫ Chamilo Lms Version2.0.0 Updatebeta1

Chamilo ≫ Chamilo Lms Version2.0.0 Updatebeta2

Chamilo ≫ Chamilo Lms Version2.0.0 Updatebeta3

Chamilo ≫ Chamilo Lms Version2.0.0 Updaterc1

Chamilo ≫ Chamilo Lms Version2.0.0 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.367

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-863j-h6pf-3xhx

Vendor Advisory

https://github.com/chamilo/chamilo-lms/commit/8cbe660de267f2b6ed625433bdfcf38dee8752b4

Patch

https://github.com/chamilo/chamilo-lms/commit/d5ef5153df3d1b2de112cbeb190cdd10bea457f3

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-32931

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32931

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32931

EUVD