CVE-2026-29041

Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not adequately validate file extensions or enforce safe server-side storage restrictions. As a result, an authenticated low-privileged user can upload a crafted file containing executable code and subsequently execute arbitrary commands on the server. This issue has been patched in version 1.11.34.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.34	Product Release Notes
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4pc3-4w2v-vwx8	Vendor Advisory Mitigation

Configurations

Configuration 1 (hide)

cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-06 04:16

Updated : 2026-03-09 20:20

NVD link : CVE-2026-29041

Mitre link : CVE-2026-29041

CVE.ORG link : CVE-2026-29041

JSON object : View

Products Affected

chamilo

chamilo_lms

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2026-29041", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-03-06T04:16:08.553", "references": [{"url": "https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.34", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4pc3-4w2v-vwx8", "tags": ["Vendor Advisory", "Mitigation"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not adequately validate file extensions or enforce safe server-side storage restrictions. As a result, an authenticated low-privileged user can upload a crafted file containing executable code and subsequently execute arbitrary commands on the server. This issue has been patched in version 1.11.34."}, {"lang": "es", "value": "Chamilo es un sistema de gesti\u00f3n del aprendizaje. Antes de la versi\u00f3n 1.11.34, Chamilo LMS est\u00e1 afectado por una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo autenticada causada por una validaci\u00f3n incorrecta de los archivos subidos. La aplicaci\u00f3n se basa \u00fanicamente en la verificaci\u00f3n del tipo MIME al manejar las subidas de archivos y no valida adecuadamente las extensiones de archivo ni aplica restricciones seguras de almacenamiento en el servidor. Como resultado, un usuario autenticado con bajos privilegios puede subir un archivo manipulado que contiene c\u00f3digo ejecutable y posteriormente ejecutar comandos arbitrarios en el servidor. Este problema ha sido parcheado en la versi\u00f3n 1.11.34."}], "lastModified": "2026-03-09T20:20:58.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF6714C4-3D58-43BF-A32C-6D436DB93E01", "versionEndExcluding": "1.11.34"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}