Description
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type header to audio/mpeg. The uploaded file retains its original .php extension and is placed in a web-accessible directory, enabling Remote Code Execution as the web server user (www-data). This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.
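The root cause described above is an upload check that trusts the client-supplied Content-Type header and keeps the client-supplied filename. The following is an added example, not Chamilo's code, written in Python rather than PHP so the validation logic is easy to read and run; the `Upload` record is a hypothetical stand-in for a multipart form part. It shows the weak check beside a hardened one that ignores Content-Type, allow-lists the extension, verifies the file's magic bytes against the format the extension claims, and stores the file under a server-generated name.

```python
import os
import secrets
from dataclasses import dataclass
from typing import Optional

# Hypothetical upload record (constructed for this example), standing in
# for one part of a multipart/form-data request.
@dataclass
class Upload:
    filename: str      # client-supplied name: untrusted
    content_type: str  # client-supplied header: untrusted
    data: bytes        # file body

# Allow-list: extension -> magic-byte prefixes that format must start with.
AUDIO_SIGNATURES = {
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
    ".ogg": (b"OggS",),
    ".wav": (b"RIFF",),
}

def vulnerable_is_audio(upload: Upload) -> bool:
    """The weak pattern: accepts anything whose Content-Type header says
    audio/* and (by implication) keeps the original filename. A *.php file
    with a spoofed header passes, which is the flaw class in the advisory."""
    return upload.content_type.startswith("audio/")

def _has_valid_signature(ext: str, data: bytes) -> bool:
    """Content sniffing: the bytes must look like the format the extension claims."""
    if not any(data.startswith(sig) for sig in AUDIO_SIGNATURES[ext]):
        return False
    # A WAV file carries 'WAVE' at offset 8, after the RIFF chunk size.
    if ext == ".wav" and data[8:12] != b"WAVE":
        return False
    return True

def validate_audio_upload(upload: Upload) -> Optional[str]:
    """Hardened validation. Returns a server-generated storage name on
    success, or None when the upload is rejected. Content-Type is never
    consulted; the client filename is used only for the extension check."""
    # 1. Strip any path components, then allow-list the *last* extension only,
    #    so 'shell.php' and '../dir/shell.php' are rejected outright.
    base = os.path.basename(upload.filename.replace("\\", "/"))
    _, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext not in AUDIO_SIGNATURES:
        return None
    # 2. A double extension such as 'shell.php.mp3' survives step 1, so the
    #    body must also carry the magic bytes of the claimed audio format.
    if not _has_valid_signature(ext, upload.data):
        return None
    # 3. Discard the client name entirely: random name + verified extension.
    return secrets.token_hex(16) + ext

if __name__ == "__main__":
    # Constructed sample: PHP-looking body, spoofed audio/mpeg header, .php name.
    spoofed = Upload("shell.php", "audio/mpeg", b"<?php /* constructed placeholder */ ?>")
    print("weak check accepts spoofed upload:", vulnerable_is_audio(spoofed))
    print("hardened check result:", validate_audio_upload(spoofed))
    real = Upload("lecture.mp3", "application/octet-stream", b"ID3\x04\x00" + b"\x00" * 16)
    print("hardened check stores real mp3 as:", validate_audio_upload(real))
```

The stored name should then be written to a directory that the web server serves as static content only (script execution disabled) or that sits outside the web root entirely, so that even a polyglot file that passes the signature check cannot be executed as PHP.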
Remediation
Upgrade Chamilo LMS to 1.11.38 or 2.0.0-RC.3 (or later), the releases in which this vulnerability is fixed.