CVE-2024-47886
Chamilo: Post-Auth Remote Code Execution
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization plugin vchamilo, the vulnerability allows an administrator to execute arbitrary code on the server. This issue has been patched in version 1.11.26.
| CWE | CWE-502 |
| Vendor | chamilo |
| Product | chamilo-lms |
| Published | Mar 2, 2026 |
| Last Updated | Mar 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for chamilo chamilo-lms
Be the first to know when new unknown vulnerabilities affecting chamilo chamilo-lms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
chamilo / chamilo-lms
>= 1.11.12, < 1.11.28