CVE-2018-25158
HIGH 8.8
Description
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute arbitrary code by accessing the uploaded files.
CVE Details
CVSS v3.1 score: 8.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 2/20/2026
Last modified: 2/23/2026
Source: nvd
Honeypot sightings: 0
Weaknesses (CWE)
CWE-434
References
https://github.com/chamilo/chamilo-lms (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/47423 (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/chamilo-lms-arbitrary-file-upload-via-elfinder (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.