PT-2026-32936 · Unknown · Chamilo Lms

Kx00007 · Published 2026-04-14 · Updated 2026-04-15 · CVE-2026-35196

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Chamilo LMS versions prior to 2.0.0-RC.3
Description: An OS command injection issue exists in the 'main/inc/ajax/gradebook.ajax.php' endpoint, in the export_all_certificates action. The course code retrieved from the $_SESSION['_cid'] session variable via api_get_course_id() is concatenated directly into a shell_exec() command string without sanitization or escaping. An attacker who can manipulate session data so that the _cid value contains shell metacharacters can execute arbitrary commands on the server in the context of the web server process, potentially reading system files and credentials, modifying the application and database, or disrupting server availability.
Recommendations: Update to version 2.0.0-RC.3.
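The pattern the description refers to, as an added illustrative example rather than Chamilo's own code: the helper names, the temporary directory and the zip command are assumptions chosen to mirror the described flow (course code read from $_SESSION['_cid'] and concatenated into a shell command). The vulnerable builder is shown beside a hardened one that allowlists the course code and quotes every argument with escapeshellarg(); both only build the command string, nothing is executed.

```php
<?php
// Added illustrative example; not Chamilo's code. Function names, the
// temporary directory and the zip invocation are assumptions.

// Stand-in for api_get_course_id(): returns whatever the session holds.
function get_course_code_from_session(array $session): ?string
{
    return $session['_cid'] ?? null;
}

// Vulnerable pattern: the session value is concatenated straight into the
// command string, so a ';' or '&&' in it terminates the zip command and
// starts an attacker-chosen one. Returned, not passed to shell_exec().
function build_export_command_vulnerable(string $courseCode, string $tempDir): string
{
    return 'cd ' . $tempDir . ' && zip -r certificates_' . $courseCode . '.zip .';
}

// Hardened pattern, step 1: allowlist the course code before it goes
// anywhere near a shell. Assumption: course codes are short tokens made of
// letters, digits, '_' and '-'.
function is_valid_course_code(string $courseCode): bool
{
    return (bool) preg_match('/^[A-Za-z0-9_-]{1,40}$/', $courseCode);
}

// Hardened pattern, step 2: quote each argument individually with
// escapeshellarg(), so the shell sees one word per argument even if the
// allowlist is later relaxed.
function build_export_command_hardened(string $courseCode, string $tempDir): string
{
    if (!is_valid_course_code($courseCode)) {
        throw new InvalidArgumentException('Invalid course code');
    }
    return 'cd ' . escapeshellarg($tempDir)
        . ' && zip -r ' . escapeshellarg('certificates_' . $courseCode . '.zip') . ' .';
}

// Constructed session: shell metacharacters have been smuggled into _cid.
$session = ['_cid' => 'COURSE1; id > /tmp/pwned #'];
$tempDir = '/tmp/certs';

$code = get_course_code_from_session($session);

echo "Vulnerable: ", build_export_command_vulnerable($code, $tempDir), PHP_EOL;

try {
    echo "Hardened:   ", build_export_command_hardened($code, $tempDir), PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo "Hardened:   rejected (", $e->getMessage(), ")", PHP_EOL;
}

// A legitimate course code passes the allowlist and is quoted.
echo "Legit:      ", build_export_command_hardened('COURSE1', $tempDir), PHP_EOL;
```

With the constructed session the vulnerable builder yields a string in which `id > /tmp/pwned` stands as its own shell command after the `;`, and the trailing `#` comments out the rest of the line; the hardened builder rejects the same value at the allowlist, and for a clean code produces single-quoted arguments. The allowlist is the control that matters here: escapeshellarg() alone would still let an odd-looking but quoted filename through, whereas rejecting anything outside the expected character set removes the shell from the attack surface entirely. When reviewing a fix for this issue, check that both the validation and the quoting are present on the path from the session value to shell_exec().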

Weakness Enumeration: OS Command Injection

Related Identifiers: CVE-2026-35196

Affected Products: Chamilo Lms