EUVD-2026-21539
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Description
Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals with the main/install/ directory still present and read-accessible. This vulnerability is fixed in 1.11.38.
Analysis
Arbitrary file write vulnerability in Chamilo LMS versions before 1.11.38 allows unauthenticated remote attackers to modify existing files or create new files with system-level permissions through a chained attack exploiting the main/install/ directory. Attackers can bypass PHP execution restrictions when the installation directory remains accessible post-deployment, enabling complete system compromise where filesystem permissions permit. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Verify Chamilo LMS version and confirm whether main/install/ directory is accessible via web interface; if accessible, immediately restrict access via web server configuration (deny all access to main/install/ via .htaccess or nginx rules). Within 7 days: Upgrade to Chamilo LMS 1.11.38 or later; if upgrade is not feasible, implement network-level restrictions preventing unauthenticated access to the application. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today