PT-2026-32019 · Apache+1
Published: 2026-04-10 · Updated: 2026-04-11
CVE-2026-33704
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Chamilo LMS versions prior to 1.11.38
Description
Chamilo LMS is a learning management system. Authenticated users, including students, can write arbitrary content to files on the server through the BigUpload endpoint. The key parameter controls the filename, and the raw POST body becomes the file content. While .php extensions are filtered to .phps, the .pht extension is not filtered and is handled as PHP on some Apache configurations, leading to Remote Code Execution.
Recommendations
Update to version 1.11.38 or later.
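The filtering gap described above, as an added illustration (not Chamilo's code and not part of the original advisory): a deny-list that rewrites only .php, modelled on the description, next to an allow-list that ignores the client-chosen name. The function names, the allowed extension set and the sample filenames are assumptions constructed for this example.

```php
<?php
// Added example; not Chamilo's code. All names below are hypothetical.

// Model of the filter as the description states it: a trailing ".php"
// becomes ".phps"; every other extension passes through unchanged.
function denylist_filter(string $name): string
{
    return preg_replace('/\.php$/i', '.phps', $name) ?? $name;
}

// Assumed set of extensions the application actually needs to accept.
const ALLOWED_EXT = ['pdf', 'png', 'jpg', 'jpeg', 'txt', 'zip'];

// Allow-list: validate only the final extension, then discard the client
// name entirely and store under a random server-generated name. The stored
// file has exactly one extension and no client-controlled path component.
function safe_stored_name(string $clientName): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null; // unknown or missing extension: reject the upload
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample filenames.
$samples = ['notes.pdf', 'page.php', 'page.pht', 'page.PhT', 'scan.php.jpg', '../x.png'];
foreach ($samples as $name) {
    $stored = safe_stored_name($name);
    printf("%-14s deny-list keeps: %-14s allow-list: %s\n",
        $name, denylist_filter($name), $stored ?? 'rejected');
}
```

Disabling script execution for the upload directory in the web server configuration remains a separate layer, since the description ties the impact to how Apache handles the extension.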
Fix
RCE
Unrestricted File Upload
Affected Products
Apache
Chamilo LMS