Arbitrary file upload in Chamilo LMS - #VU137017
Published: July 7, 2026
Chamilo LMS
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to unrestricted upload of file with dangerous type in the course dropbox upload handler when handling file uploads to the dropbox tool. A remote user can upload a crafted .htaccess file and a php payload disguised as a .gif to execute arbitrary code.
Exploitation requires an authenticated course participant account and the dropbox tool to be enabled for the course.