Arbitrary file upload in Chamilo LMS - #VU137017

 

Arbitrary file upload in Chamilo LMS - #VU137017

Published: July 7, 2026


Vulnerability identifier: #VU137017
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-434
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Chamilo
Affected software:
Chamilo LMS

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to unrestricted upload of file with dangerous type in the course dropbox upload handler when handling file uploads to the dropbox tool. A remote user can upload a crafted .htaccess file and a php payload disguised as a .gif to execute arbitrary code.

Exploitation requires an authenticated course participant account and the dropbox tool to be enabled for the course.


Remediation

Install security update from vendor's website.

Sources