CVE-2018-25158 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemana…
High CVSS: 8.7

CVE-2018-25158

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute arbitrary code by accessing the uploaded files.
Vendor
-
Product
-
CWE
CWE-434
Yayın Tarihi
2026-02-20 23:15:59
Güncelleme
2026-02-23 18:14:13
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-434 HIGH 2026

Referanslar

https://github.com/chamilo/chamilo-lms https://www.exploit-db.com/exploits/47423 https://www.vulncheck.com/advisories/chamilo-lms-arbitrary-file-upload-via-elfinder