What is the CVSS score of CVE-2024-47886?

CVE-2024-47886 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.9%.

Which versions of Chamilo Lms are affected by CVE-2024-47886?

Chamilo LMS instances running versions 1.11.12 through 1.11.26 are vulnerable to remote code execution through a post-authentication exploit with no available patch.

Is there a public PoC exploit available for CVE-2024-47886?

Yes, a public proof-of-concept exploit is available for CVE-2024-47886. Prioritise patching immediately. EPSS: 0.9%.

How to fix or mitigate CVE-2024-47886?

Within 24 hours: Audit all Chamilo instances to identify affected versions and document user access patterns. Within 7 days: Implement network segmentation to restrict Chamilo access, disable unnecessary features, and apply WAF rules blocking serialized object exploitation. Within 30 days: Upgrade to patched Chamilo version (1.11.27 or later) or migrate to alternative LMS solution; establish vulnerability monitoring for vendor updates.

Chamilo Lms CVE-2024-47886

HIGH

Deserialization of Untrusted Data (CWE-502)

2026-03-02 security-advisories@github.com

RCE Deserialization Chamilo Lms

7.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 03, 2026 - 19:11 vuln.today

Public exploit code

CVE Published

Mar 02, 2026 - 15:16 nvd

HIGH 7.2

DescriptionNVD

Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization plugin vchamilo, the vulnerability allows an administrator to execute arbitrary code on the server. This issue has been patched in version 1.11.26.

AnalysisAI

Technical ContextAI

Classified as CWE-502 (Deserialization of Untrusted Data). Affects Chamilo Lms. Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization plugin vchamilo, the vulnerability allows an administrator to execute arbitrary code on the server. This issue has been patched in version 1.11.26.

RemediationAI

Fixed in version 1.11.26.. Restrict network access to the affected service where possible.

CVE-2024-47886 vulnerability details – vuln.today

Back

Chamilo Lms CVE-2024-47886

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code