CVE-2026-29041
Chamilo LMS is affected prior to version 1.11.34 by an authenticated remote code execution flaw due to inadequate validation of uploaded files. The system relies on MIME-type checks and does not properly validate file extensions or enforce safe storage, allowing an authenticated low-privileged us...