Description

Chamilo is a learning management system. Chamilo is affected by a post-authentication phar unserialize vulnerability that leads to remote code execution (RCE) in versions 1.11.12 to 1.11.26. By abusing multiple supported features of the virtualization plugin vchamilo, an administrator can execute arbitrary code on the server. This issue has been patched in version 1.11.26.

PUBLISHED Reserved 2024-10-04 | Published 2026-03-02 | Updated 2026-03-02 | Assigner GitHub_M




HIGH: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N)

Problem types

CWE-502: Deserialization of Untrusted Data

Product status

>= 1.11.12, < 1.11.28: affected

References

github.com/...lo-lms/security/advisories/GHSA-c4fc-vjm9-9mvc

github.com/chamilo/chamilo-lms/releases/tag/v1.11.28

cve.org (CVE-2024-47886)

nvd.nist.gov (CVE-2024-47886)
