{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T07:17:42.554","vulnerabilities":[{"cve":{"id":"CVE-2026-30875","sourceIdentifier":"security-advisories@github.com","published":"2026-03-16T20:16:18.330","lastModified":"2026-03-17T18:53:29.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution (RCE). The H5P package validation only checks if h5p.json exists but doesn't block .htaccess or PHP files with alternative extensions. An attacker uploads a crafted H5P package containing a webshell and .htaccess that enables PHP execution for .txt files, bypassing security control. This issue has been patched in version 1.11.36."},{"lang":"es","value":"Chamilo LMS es un sistema de gestión del aprendizaje. Antes de la versión 1.11.36, una vulnerabilidad de carga arbitraria de archivos en la función de importación H5P permite a usuarios autenticados con rol de Profesor lograr Ejecución Remota de Código (RCE). La validación del paquete H5P solo verifica si h5p.json existe, pero no bloquea archivos .htaccess o PHP con extensiones alternativas. Un atacante carga un paquete H5P manipulado que contiene una webshell y .htaccess que habilita la ejecución de PHP para archivos .txt, eludiendo el control de seguridad. Este problema ha sido parcheado en la versión 1.11.36."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*","versionEndExcluding":"1.11.36","matchCriteriaId":"87C4F8D8-CDE4-42B6-8661-0F7823DC1079"}]}]}],"references":[{"url":"https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.36","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-mj4f-8fw2-hrfm","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}