CVE-2021-31933

HIGH

Chamilo <= 1.11.14 - Authenticated Remote Code Execution via File Upload Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-31933. PoCs published by M. Cory Billington.

AI-analyzed exploit summary This exploit leverages an authenticated file upload vulnerability in Chamilo LMS 1.11.14 to achieve remote code execution by uploading a malicious PHAR file to a writable directory. The exploit requires admin credentials and performs a directory traversal to place the webshell in a specific path.

Description

A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.

Exploits (1)

exploitdb WORKING POC VERIFIED
by M. Cory Billington · pythonwebappsphp
https://www.exploit-db.com/exploits/49867

This exploit leverages an authenticated file upload vulnerability in Chamilo LMS 1.11.14 to achieve remote code execution by uploading a malicious PHAR file to a writable directory. The exploit requires admin credentials and performs a directory traversal to place the webshell in a specific path.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Chamilo LMS 1.11.14
Auth required
Prerequisites: Admin credentials for Chamilo LMS · Network access to the target · Writable directory accessible via path traversal
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 7.2
EPSS 0.1393
EPSS Percentile 96.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-706
Status published
Products (1)
chamilo/chamilo < 1.11.14
Published Apr 30, 2021
Tracked Since Feb 18, 2026