Product
critical
advisory
Chamilo LMS Unrestricted File Upload Leads to Remote Code Execution
2 rules 1 TTP 1 CVEAn unrestricted file upload vulnerability in Chamilo LMS (CVE-2026-32931) allows an authenticated teacher to upload a PHP webshell, leading to remote code execution.
Chamilo LMS
chamilo
rce
file-upload
2r
1t
1c
critical
advisory
Chamilo LMS Remote Code Execution via Arbitrary File Upload (CVE-2026-33704)
2 rules 1 TTP 1 CVEChamilo LMS versions prior to 1.11.38 are vulnerable to remote code execution via arbitrary file upload by authenticated users due to insufficient file extension filtering in the BigUpload endpoint, allowing execution of PHP code on servers configured to process .pht files.
Chamilo LMS
chamilo
lms
rce
cve-2026-33704
2r
1t
1c