{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/chamilo-lms/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.3,"id":"CVE-2026-31939"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["path-traversal","file-deletion","chamilo-lms"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eChamilo LMS, a learning management system, contains a path traversal vulnerability (CVE-2026-31939) in versions prior to 1.11.38. The flaw resides in the \u003ccode\u003emain/exercise/savescores.php\u003c/code\u003e script: the application concatenates user-supplied input from the \u003ccode\u003e$_REQUEST['test']\u003c/code\u003e parameter directly into a filesystem path without sanitization, canonicalization, or traversal checks. This allows an attacker to manipulate the path and potentially delete arbitrary files on the server. Successful exploitation requires an authenticated user with access to the vulnerable functionality. Organizations using affected versions of Chamilo LMS are at risk of data loss and potential system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated user accesses the \u003ccode\u003emain/exercise/savescores.php\u003c/code\u003e script within the Chamilo LMS application.\u003c/li\u003e\n\u003cli\u003eThe application retrieves the value of the \u003ccode\u003etest\u003c/code\u003e parameter from the \u003ccode\u003e$_REQUEST\u003c/code\u003e array.\u003c/li\u003e\n\u003cli\u003eThe application concatenates this user-supplied value directly into a file system path without proper sanitization or validation.\u003c/li\u003e\n\u003cli\u003eThe application then attempts to delete the file specified by the constructed path using a function such as \u003ccode\u003eunlink()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAn attacker crafts a malicious \u003ccode\u003etest\u003c/code\u003e parameter containing path traversal sequences (e.g., \u003ccode\u003e../../\u003c/code\u003e) to navigate outside the intended directory.\u003c/li\u003e\n\u003cli\u003eThe application, without proper checks, uses the manipulated path to delete a file outside of the designated exercise directory.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully deletes arbitrary files on the server, potentially including sensitive configuration files or other critical data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-31939 allows an attacker to delete arbitrary files on the Chamilo LMS server. This can lead to data loss, system instability, and potential compromise of the entire system. The CVSS v3.1 score of 8.3 (HIGH) reflects the potential for significant impact, with confidentiality, integrity, and availability all being affected. The number of affected users depends on the deployment size and user base of each affected Chamilo LMS instance.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Chamilo LMS to version 1.11.38 or later to patch CVE-2026-31939, as indicated in the advisory \u003ca href=\"https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.38\"\u003ehttps://github.com/chamilo/chamilo-lms/releases/tag/v1.11.38\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on all user-supplied input, especially the \u003ccode\u003etest\u003c/code\u003e parameter in \u003ccode\u003emain/exercise/savescores.php\u003c/code\u003e, to prevent path traversal attacks.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests to \u003ccode\u003emain/exercise/savescores.php\u003c/code\u003e containing path traversal sequences (e.g., \u003ccode\u003e../\u003c/code\u003e, \u003ccode\u003e..\\\\\u003c/code\u003e), using the provided Sigma rule as a guide.\u003c/li\u003e\n\u003cli\u003eImplement file system access controls to limit the permissions of the web server process to only the necessary directories.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-11T12:00:00Z","date_published":"2026-04-11T12:00:00Z","id":"/briefs/2026-04-chamilo-path-trav/","summary":"A path traversal vulnerability (CVE-2026-31939) in Chamilo LMS versions prior to 1.11.38 allows authenticated attackers to delete arbitrary files via unsanitized user input in the 'test' parameter of savescores.php.","title":"Chamilo LMS Path Traversal Vulnerability (CVE-2026-31939)","url":"https://feed.craftedsignal.io/briefs/2026-04-chamilo-path-trav/"}],"language":"en","title":"CraftedSignal Threat Feed — Chamilo-Lms","version":"https://jsonfeed.org/version/1.1"}