CVE-2018-25158

HIGH

Chamilo LMS 1.11.8 - Authenticated RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25158. PoCs published by Sohel Yousef.

AI-analyzed exploit summary

This exploit demonstrates an arbitrary file upload vulnerability in Chamilo LMS 1.11.8 or lower, allowing authenticated users to upload malicious PHP files disguised as GIF images via the CKEditor module. The PoC includes a PHP shell upload script that bypasses file extension restrictions by prepending a GIF header.

Description

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute arbitrary code by accessing the uploaded files.

Exploits (1)

exploitdb · working PoC
by Sohel Yousef · text · webapps · php
https://www.exploit-db.com/exploits/47423

Classification
Classification: Working PoC (90%)
Attack type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Chamilo LMS 1.11.8 or lower
Authentication: required
Prerequisites: Registered user account on the target Chamilo LMS instance
Analyzed by devstral-2 on Feb 21, 2026

References (3)

Core references (3)
Exploit, Third Party Advisory (exploit): https://www.exploit-db.com/exploits/47423
Various Sources (product): https://github.com/chamilo/chamilo-lms

Scores

CVSS v3 8.8
EPSS 0.0038
EPSS Percentile 29.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
Chamilo LMS (vendor: Chamilo), versions 1.8 through 1.11.8
Published Feb 20, 2026
Tracked Since Feb 21, 2026