CVE-2026-31939

CVSS v3.1

8.3

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.38

Description Chamilo LMS contains a path traversal flaw in the 'main/exercise/savescores.php' component. The issue stems from directly concatenating user-supplied input from the test parameter within the $ REQUEST array into a filesystem path without proper sanitization or traversal checks. This allows for arbitrary file deletion.

Recommendations Update to version 1.11.38 or later.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-73CWE-22

Related Identifiers

CVE-2026-31939

Affected Products

Chamilo Lms

CVE-2026-31939

Weakness Enumeration

Related Identifiers

Affected Products

References · 5