Description
Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not adequately validate file extensions or enforce safe server-side storage restrictions. As a result, an authenticated low-privileged user can upload a crafted file containing executable code and subsequently execute arbitrary commands on the server. This issue has been patched in version 1.11.34.
Published: 2026-03-06
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

Chamilo LMS before version 1.11.34 suffers from a serious flaw that allows an authenticated low‑privileged user to upload arbitrary files based solely on MIME‑type verification. Because file extensions are not validated and the server does not enforce safe storage, the attacker can place a script or binary that the web server then executes, giving full control over the server. This is an example of Unrestricted File Upload (CWE‑434).

Affected Systems

The affected product is Chamilo Learning Management System, versions earlier than 1.11.34. The vendor is Chamilo. Version 1.11.34 or newer contains the fix, so deployments using those releases are no longer vulnerable.

Risk and Exploitability

The CVSS score is 8.8, marking it as high severity. EPSS is below 1%, indicating a low current probability of exploitation. The flaw requires the attacker to be authenticated with low‑privilege permissions; typical attack paths involve uploading a malicious file through an unchecked upload endpoint and then triggering its execution via the web server. KEV status is not listed, meaning no known exploitation catalog entry exists.

Generated by OpenCVE AI on April 16, 2026 at 11:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chamilo LMS to version 1.11.34 or later to eliminate the vulnerability.
  • Restrict uploaded file types on the server side and enforce strict validation of both MIME type and file extension before processing.
  • Disable or restrict the file upload feature for low‑privileged users, or move uploaded files to a directory inaccessible to the web server.
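The last two recommendations describe a server-side upload handler that treats the client-supplied MIME type as a claim to be checked rather than the only gate. The following is an added example written for this page, not Chamilo's code or its patch; it is in Python rather than PHP so the logic can be run stand-alone, and its allow-list, file samples and storage directory are constructed for the demonstration. It checks the extension against an allow-list, requires the declared MIME type to match that extension, sniffs the leading bytes of the content, and then stores the file under a random name in a directory that stands in for one outside the web root:

```python
import os
import secrets
import tempfile

# Allow-list: canonical extension -> (expected MIME type, accepted magic-byte prefixes).
# Constructed for this example; a real deployment tailors this to the files it serves.
ALLOWED_TYPES = {
    "png": ("image/png", [b"\x89PNG\r\n\x1a\n"]),
    "jpg": ("image/jpeg", [b"\xff\xd8\xff"]),
    "pdf": ("application/pdf", [b"%PDF-"]),
}
EXTENSION_ALIASES = {"jpeg": "jpg"}


class UploadRejected(ValueError):
    """Raised when an upload fails any validation step."""


def validate_upload(filename: str, declared_mime: str, data: bytes) -> str:
    """Return the canonical extension if every check passes, otherwise raise.

    Order of checks: extension allow-list, declared MIME type must match that
    extension, and the content must start with the magic bytes for the type.
    A MIME type alone (what the text says Chamilo relied on) never decides.
    """
    base = os.path.basename(filename).lower()
    if "." not in base:
        raise UploadRejected("missing extension")
    ext = base.rsplit(".", 1)[1]
    ext = EXTENSION_ALIASES.get(ext, ext)
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension not allowed: {ext}")
    expected_mime, magics = ALLOWED_TYPES[ext]
    if declared_mime.split(";")[0].strip().lower() != expected_mime:
        raise UploadRejected(f"declared MIME {declared_mime!r} does not match .{ext}")
    if not any(data.startswith(m) for m in magics):
        raise UploadRejected("content does not match declared type")
    return ext


def store_upload(ext: str, data: bytes, storage_root: str) -> str:
    """Write the file under a random name inside storage_root; return its path.

    The client's filename is never reused on disk, so double extensions
    (name.php.png) or path components in that name have no effect, and
    storage_root is expected to sit outside the web server's document root.
    """
    name = f"{secrets.token_hex(16)}.{ext}"
    path = os.path.join(storage_root, name)
    # O_EXCL: fail rather than overwrite if the random name already exists.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def demo() -> list:
    """Run the validator over constructed samples and return each outcome."""
    good_png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16   # constructed PNG-like bytes
    samples = [
        ("avatar.png", "image/png", good_png),
        # Script extension: rejected by the allow-list regardless of the MIME claim.
        ("page.php", "image/png", b"constructed-non-image"),
        # Allowed extension and matching MIME claim, but the bytes are not a PNG.
        ("avatar.png", "image/png", b"constructed-non-image"),
        # Genuine PNG bytes, but the client declared a type that does not match .png.
        ("avatar.png", "text/plain", good_png),
    ]
    results = []
    # A temporary directory stands in for a storage location outside the web root.
    with tempfile.TemporaryDirectory() as storage_root:
        for filename, mime, data in samples:
            try:
                ext = validate_upload(filename, mime, data)
                path = store_upload(ext, data, storage_root)
                results.append({
                    "outcome": "stored",
                    "ext": ext,
                    "renamed": os.path.basename(path) != filename,
                    "in_storage_root": os.path.dirname(path) == storage_root,
                })
            except UploadRejected as exc:
                results.append({"outcome": "rejected", "reason": str(exc)})
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

Only the first sample is stored; the other three are rejected at the extension, content and MIME checks respectively. The design point is that each check covers a gap the others leave: the allow-list stops script extensions, the magic-byte sniff stops non-image content behind an allowed extension, and the random server-chosen filename makes the original name irrelevant to how the web server would interpret the stored file.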

Advisories

No advisories yet.

History

Mon, 09 Mar 2026 20:30:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*

Fri, 06 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 06 Mar 2026 15:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Chamilo; Chamilo chamilo Lms
Vendors & Products | | Chamilo; Chamilo chamilo Lms

Fri, 06 Mar 2026 04:15:00 +0000

Type | Values Removed | Values Added
Description | | Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not adequately validate file extensions or enforce safe server-side storage restrictions. As a result, an authenticated low-privileged user can upload a crafted file containing executable code and subsequently execute arbitrary commands on the server. This issue has been patched in version 1.11.34.
Title | | Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload
Weaknesses | | CWE-434
References | |
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Chamilo Chamilo Lms
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-06T16:09:09.242Z

Reserved: 2026-03-03T17:50:11.242Z

Link: CVE-2026-29041

Vulnrichment

Updated: 2026-03-06T15:58:25.147Z

NVD

Status: Analyzed

Published: 2026-03-06T04:16:08.553

Modified: 2026-03-09T20:20:58.097

Link: CVE-2026-29041

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T11:45:26Z

Weaknesses