PT-2026-22587 · Chamilo · Chamilo

Published

2026-03-02

Updated

2026-03-07

CVE-2024-47886

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Chamilo versions 1.11.12 through 1.11.26

Description Chamilo is a learning management system affected by a post-authentication PHP unserialize issue that can lead to remote code execution (RCE). The vulnerability allows an administrator to execute arbitrary code on the server by abusing features within the vchamilo virtualization plugin.

Recommendations Update to version 1.11.26 or later.

Exploit

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2024-47886

GHSA-C4FC-VJM9-9MVC

Affected Products

Chamilo

PT-2026-22587 · Chamilo · Chamilo

CVE-2024-47886

Weakness Enumeration

Related Identifiers

Affected Products

References · 8