Platform: php
Component: chamilo-lms
Fixed in: 1.11.39
CVE-2026-31939 describes a Path Traversal vulnerability discovered in Chamilo LMS. This flaw allows an attacker to potentially delete arbitrary files on the server due to insufficient input validation. The vulnerability impacts versions 1.11.0 through 1.11.37 of Chamilo LMS and has been resolved in version 1.11.38.
The core of this vulnerability lies in the main/exercise/savescores.php file, where user-supplied input from the $_REQUEST['test'] parameter is directly concatenated into a filesystem path without proper sanitization or canonicalization. This lack of validation enables an attacker to craft malicious input that bypasses intended access controls and manipulates the file path. Successful exploitation could lead to the deletion of critical system files, potentially disrupting the LMS functionality or even compromising the entire server. While the description specifically mentions file deletion, the potential for other file system manipulations cannot be ruled out, depending on the server's configuration and permissions.
This vulnerability was publicly disclosed on 2026-04-10. Currently, there are no reports of active exploitation campaigns targeting CVE-2026-31939. The availability of a public proof-of-concept is unknown at this time. The CVSS score of 8.3 (HIGH) indicates a significant potential for exploitation if left unaddressed.
Organizations and institutions utilizing Chamilo LMS versions 1.11.0 through 1.11.37 are at risk. This includes educational institutions, training providers, and any entity relying on Chamilo LMS for learning management purposes. Shared hosting environments running vulnerable Chamilo LMS installations are particularly vulnerable due to the potential for cross-tenant exploitation.
• php: Examine web server access logs for requests to main/exercise/savescores.php containing path traversal sequences (e.g., ../..).
• php: Monitor file system activity for unexpected file deletions within the Chamilo LMS installation directory.
• generic web: Use curl to test the main/exercise/savescores.php endpoint with a crafted payload like curl 'http://your-chamilo-instance/main/exercise/savescores.php?test=../../../../etc/passwd' to check for file access outside the intended directory.
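As an added example of the access-log review suggested above (not Chamilo code or tooling from this advisory), the following Python scan flags requests to main/exercise/savescores.php whose test parameter contains a traversal sequence, after undoing single and double percent-encoding. The log lines, IP addresses and parameter values are constructed for illustration.

```python
# Scan combined-format access logs for traversal attempts against
# main/exercise/savescores.php (CVE-2026-31939). Added example, not Chamilo code.
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2026:12:00:01 +0000] "GET /main/exercise/savescores.php?test=quiz1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2026:12:00:05 +0000] "GET /main/exercise/savescores.php?test=../../../../etc/passwd HTTP/1.1" 200 0 "-" "curl/8.0"
203.0.113.9 - - [10/Apr/2026:12:00:09 +0000] "GET /main/exercise/savescores.php?test=..%2F..%2Fconfig HTTP/1.1" 200 0 "-" "python-requests/2.31"
203.0.113.9 - - [10/Apr/2026:12:00:10 +0000] "GET /main/exercise/savescores.php?test=%252e%252e%252fapp HTTP/1.1" 200 0 "-" "python-requests/2.31"
203.0.113.4 - - [10/Apr/2026:12:00:12 +0000] "GET /main/index.php?test=../x HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
TARGET_PATH = "/main/exercise/savescores.php"
# A ".." path segment, with either slash or backslash as separator
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %252e%252e%252f ends up as ../"""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    return TRAVERSAL_RE.search(fully_decode(value)) is not None

def scan(log_text):
    """Return one dict per request to savescores.php whose test parameter traverses."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != TARGET_PATH:
            continue  # other endpoints are out of scope for this CVE
        # parse_qs already decodes one layer; fully_decode handles double encoding
        for value in parse_qs(parts.query, keep_blank_values=True).get("test", []):
            if is_traversal(value):
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "test": fully_decode(value), "status": m.group("status")})
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```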
disclosure
Exploit status
EPSS: 0.05% (14th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-31939 is to immediately upgrade Chamilo LMS to version 1.11.38 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests containing suspicious characters or patterns in the test parameter. Additionally, restrict file system permissions for the Chamilo LMS user to minimize the potential impact of a successful attack. Monitor access logs for unusual file access patterns, particularly those involving the savescores.php file. After upgrading, verify the fix by attempting to access a restricted file via the test parameter; the request should be denied.
Update Chamilo LMS to version 1.11.38 or later to mitigate the path traversal vulnerability. This update fixes the unsafe concatenation of user input into the filesystem path, preventing arbitrary file deletion.
CVE-2026-31939 is a Path Traversal vulnerability in Chamilo LMS versions 1.11.0 through 1.11.37, allowing attackers to potentially delete files. It's rated HIGH severity (CVSS: 8.3).
You are affected if you are running Chamilo LMS versions 1.11.0 through 1.11.37. Upgrade to 1.11.38 to mitigate the risk.
Upgrade Chamilo LMS to version 1.11.38. As a temporary workaround, implement WAF rules or input validation to prevent path traversal.
There is no current evidence of active exploitation, but the vulnerability's nature makes it easily exploitable.
Refer to the official Chamilo LMS security advisories on their website for the latest information and updates regarding CVE-2026-31939.