Meng Hokseng

**Name of the Vulnerable Software and Affected Versions** Chamilo versions prior to 1.11.34 **Description** Chamilo LMS is susceptible to an authenticated remote code execution issue stemming from insufficient validation of uploaded files. The application depends on MIME-type verification for file uploads, lacking adequate file extension validation and secure server-side storage restrictions. This allows a user with limited privileges to upload a malicious file containing executable code and execute arbitrary commands on the server. **Recommendations** Update to version 1.11.34 or later.