Code Injection in Chamilo LMS - CVE-2026-44344
Published: June 24, 2026
Chamilo LMS
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within "eval()" calls in vendored PEAR HTML_QuickForm libraries. A remote administrator can execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.