Skip to main content

PHP EUVD-2026-21537

| CVE-2026-33618 HIGH
Eval Injection (CWE-95)
2026-04-10 GitHub_M
PHP RCE Code Injection
8.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Re-analysis Queued
Apr 17, 2026 - 22:07 vuln.today
cvss_changed
Analysis Updated
Apr 16, 2026 - 05:58 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
2.0.0-RC.3
EUVD ID Assigned
Apr 10, 2026 - 18:45 euvd
EUVD-2026-21537
Analysis Generated
Apr 10, 2026 - 18:45 vuln.today
CVE Published
Apr 10, 2026 - 18:10 nvd
HIGH 8.8

DescriptionNVD

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method uses PHP's eval() to parse platform settings from the database. An attacker with admin access (obtainable via Advisory 1) can inject arbitrary PHP code into the settings, which is then executed when any user (including unauthenticated) requests /platform-config/list. This vulnerability is fixed in 2.0.0-RC.3.

AnalysisAI

Remote code execution in Chamilo LMS versions prior to 2.0.0-RC.3 allows authenticated attackers with administrative privileges to inject and execute arbitrary PHP code via platform configuration settings. The PlatformConfigurationController::decodeSettingArray() method unsafely uses eval() to parse database-stored settings, executing injected code when any user-including unauthenticated visitors-accesses the /platform-config/list endpoint. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: identify all Chamilo LMS instances in production and verify current versions against 2.0.0-RC.3. Within 7 days: upgrade all affected Chamilo installations to version 2.0.0-RC.3 or later; restrict access to the /platform-config/list endpoint via network controls pending upgrade. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-21537 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy