Unrated severityNVD Advisory· Published Mar 2, 2026· Updated Mar 2, 2026

Chamilo: Post-Auth Remote Code Execution

CVE-2024-47886

Description

Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization plugin vchamilo, the vulnerability allows an administrator to execute arbitrary code on the server. This issue has been patched in version 1.11.26.

Affected products

Chamilo/Chamilo Lmsv5
Range: >= 1.11.12, < 1.11.28

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/chamilo/chamilo-lms/releases/tag/v1.11.28mitrex_refsource_MISC
github.com/chamilo/chamilo-lms/security/advisories/GHSA-c4fc-vjm9-9mvcmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000