CVE-2026-32931: CWE-434: Unrestricted Upload of File with Dangerous Type in chamilo chamilo-lms
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type header to audio/mpeg. The uploaded file retains its original .php extension and is placed in a web-accessible directory, enabling Remote Code Execution as the web server user (www-data). This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.
AI Analysis
Technical Summary
CVE-2026-32931 is an unrestricted file upload vulnerability (CWE-434) in Chamilo LMS affecting versions prior to 1.11.38 and 2.0.0-RC.3. The flaw exists in the exercise sound upload function, where an authenticated teacher can bypass file type restrictions by spoofing the Content-Type header to audio/mpeg while uploading a PHP file. The uploaded file retains its .php extension and is stored in a web-accessible directory, allowing remote code execution as the web server user (www-data). This vulnerability has a CVSS 3.1 base score of 7.5, indicating high severity. No vendor advisory or patch links are provided in the data, but the description states the issue is fixed in 1.11.38 and 2.0.0-RC.3.
Potential Impact
Successful exploitation allows an authenticated teacher to upload a malicious PHP webshell, enabling remote code execution with the privileges of the web server user. This can lead to full compromise of the affected system, including confidentiality, integrity, and availability impacts.
Mitigation Recommendations
Upgrade Chamilo LMS to version 1.11.38 or later, or 2.0.0-RC.3 or later, where this vulnerability is fixed. Since no official vendor advisory or patch links are provided, verify the upgrade path with the official Chamilo LMS sources before applying. Until upgraded, restrict authenticated user permissions and monitor for suspicious file uploads if possible.
CVE-2026-32931: CWE-434: Unrestricted Upload of File with Dangerous Type in chamilo chamilo-lms
Description
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type header to audio/mpeg. The uploaded file retains its original .php extension and is placed in a web-accessible directory, enabling Remote Code Execution as the web server user (www-data). This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-32931 is an unrestricted file upload vulnerability (CWE-434) in Chamilo LMS affecting versions prior to 1.11.38 and 2.0.0-RC.3. The flaw exists in the exercise sound upload function, where an authenticated teacher can bypass file type restrictions by spoofing the Content-Type header to audio/mpeg while uploading a PHP file. The uploaded file retains its .php extension and is stored in a web-accessible directory, allowing remote code execution as the web server user (www-data). This vulnerability has a CVSS 3.1 base score of 7.5, indicating high severity. No vendor advisory or patch links are provided in the data, but the description states the issue is fixed in 1.11.38 and 2.0.0-RC.3.
Potential Impact
Successful exploitation allows an authenticated teacher to upload a malicious PHP webshell, enabling remote code execution with the privileges of the web server user. This can lead to full compromise of the affected system, including confidentiality, integrity, and availability impacts.
Mitigation Recommendations
Upgrade Chamilo LMS to version 1.11.38 or later, or 2.0.0-RC.3 or later, where this vulnerability is fixed. Since no official vendor advisory or patch links are provided, verify the upgrade path with the official Chamilo LMS sources before applying. Until upgraded, restrict authenticated user permissions and monitor for suspicious file uploads if possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-17T00:05:53.282Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d93c061cc7ad14dada4d56
Added to database: 4/10/2026, 6:05:58 PM
Last enriched: 4/18/2026, 2:03:58 PM
Last updated: 5/24/2026, 10:51:23 PM
Views: 76
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.