CVE-2018-25158

HIGH

Chamilo LMS 1.11.8 - Authenticated RCE


Description

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute arbitrary code by accessing the uploaded files.
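A defender-side check for the pattern described above, as an added example that is not part of this record or of Chamilo's code: it flags stored uploads that pair an image header or a PHP tag with a PHP-handled extension, and refuses rename targets with such extensions. The extension list, function names and sample bytes are assumptions constructed for illustration.

```python
import os

# Assumed list: extensions a web server may hand to PHP; match it to your handler config.
PHP_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".pht"}
IMAGE_MAGIC = {b"GIF87a": "gif", b"GIF89a": "gif",
               b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg"}

def image_type(data):
    """Return the image kind implied by the leading bytes, or None."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def has_php_ext(name):
    """True if any dot-separated suffix is PHP-handled (covers x.php.gif, 'x.php. ')."""
    parts = name.lower().rstrip(". ").split(".")[1:]
    return any("." + p in PHP_EXTS for p in parts)

def rename_allowed(new_name):
    """Server-side guard for a file manager rename: refuse PHP-handled targets."""
    return not has_php_ext(new_name)

def classify(name, data):
    """Findings for one stored upload, given its name and leading bytes."""
    findings = []
    if has_php_ext(name):
        findings.append("php-extension")
        if image_type(data):
            findings.append("image-header-on-php-file")
    if b"<?php" in data.lower():
        findings.append("php-tag-in-content")
    return findings

def scan_tree(root):
    """Walk an upload directory (path supplied by the caller) and map path -> findings."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    found = classify(fname, fh.read(1 << 20))
            except OSError:
                continue
            if found:
                hits[path] = found
    return hits

# Constructed sample: GIF header followed by an inert PHP tag.
SAMPLE = b"GIF89a" + b"\x00" * 10 + b"<?php /* constructed marker */ ?>"
CLEAN = b"GIF89a" + b"\x00" * 32
```

Any hit from `scan_tree` on a user-upload directory warrants review, and the same `rename_allowed` logic belongs on the server side of the rename operation rather than only at upload time.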

Exploits (1)

exploitdb WORKING POC
by Sohel Yousef · text · webapps · php
https://www.exploit-db.com/exploits/47423

Scores

CVSS v3 8.8
EPSS 0.0008
EPSS Percentile 23.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
Chamilo/Chamillo LMS Chamilo 1.11.8 or lower to 1.8
Published Feb 20, 2026
Tracked Since Feb 21, 2026