Chamilo LMS XML External Entity Injection Vulnerability Allowing Arbitrary File Read

Vulnerability

A vulnerability exists in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3, where multiple files improperly use simplexml_load_string() without adequate protection against XML External Entity (XXE) attacks. This flaw allows arbitrary server files to be read when the LIBXML_NOENT flag is enabled. The issue has been addressed in versions 1.11.38 and 2.0.0-RC.3.
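As an added example (not code from the Chamilo project), the parsing pattern the advisory describes beside a hardened replacement: the unsafe call resolves entities because LIBXML_NOENT is passed, while the safe version never passes that flag, rejects any upload that carries a DOCTYPE before it reaches the parser, and reports parse errors instead of silently returning false. The function names and the sample documents are assumptions constructed here.

```php
<?php
// Added example, not Chamilo code. Function names are hypothetical.

// Vulnerable pattern from the advisory: LIBXML_NOENT tells libxml to
// substitute entities, so a DOCTYPE in an uploaded import file can pull
// server-side files into the parsed document.
function parseImportUnsafe(string $xml): SimpleXMLElement|false
{
    return simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NOENT);
}

// Hardened version: refuse any document with a DOCTYPE (the only place
// entities can be declared), never pass LIBXML_NOENT, add LIBXML_NONET
// as defence in depth, and surface libxml errors to the caller.
function parseImportSafe(string $xml): SimpleXMLElement
{
    // Imports never legitimately need a DTD, so reject outright.
    // This is a byte-level check and assumes UTF-8 input; it is a
    // gate in front of the parser, not a replacement for safe flags.
    if (preg_match('/<!DOCTYPE/i', $xml) === 1) {
        throw new InvalidArgumentException('DOCTYPE declarations are not allowed in import files');
    }
    $previous = libxml_use_internal_errors(true);
    try {
        $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
        if ($doc === false) {
            $msg = implode('; ', array_map(fn($e) => trim($e->message), libxml_get_errors()));
            libxml_clear_errors();
            throw new InvalidArgumentException('Invalid XML: ' . $msg);
        }
        return $doc;
    } finally {
        libxml_use_internal_errors($previous);
    }
}

// Constructed samples: the first carries only a harmless internal entity,
// which is enough to show the DOCTYPE gate fires; the second is a plain import.
$withDoctype = '<?xml version="1.0"?><!DOCTYPE d [<!ENTITY x "demo">]><course><title>&x;</title></course>';
$plain = '<?xml version="1.0"?><course><title>Intro</title></course>';

echo 'Parsed title: ', (string) parseImportSafe($plain)->title, PHP_EOL;
try {
    parseImportSafe($withDoctype);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```

The same gate applies to every other XML entry point in an application (DOMDocument::loadXML, XMLReader), since the advisory notes the unsafe call appeared in multiple files.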

Impact

Exploitation of this vulnerability leads to unauthorized server-side file read operations. The risk is heightened if the LIBXML_NOENT flag is used or if the libxml configuration is altered.

Reproduction

The vulnerability can be reproduced by uploading a crafted XML file through the application's file import functionality. Because the import code parses the file with the LIBXML_NOENT flag, external entities declared in the uploaded file are resolved, which allows arbitrary server files to be read.

Remediation

Users can upgrade to Chamilo LMS versions 1.11.38 or 2.0.0-RC.3 to address this vulnerability.

Added: Apr 10, 2026, 7:20 PM
Updated: Apr 10, 2026, 7:20 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 6.4
remediation: 7.7
relevance: 5.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.