CVE-2021-31933

CVSS 7.2 · High EPSS 14.47% · P94 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-31933

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Chamilo 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Chamilo LMS是Chamilo协会的一套开源的在线学习和协作系统。该系统支持创建教学内容、远程培训和在线答题等。 Chamilo 1.11.14版本及之前版本存在安全漏洞，该漏洞源于对用于文件上传的参数进行不正确的输入无害化处理，以及对某些文件名(例如.phar或.pht)进行不正确的文件扩展名过滤。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2021-31933

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-31933

请登录查看更多情报信息。

Packet Stormx_refsource_MISC
https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-48-2021-04-17-Critical-impact-high-risk-Remote-Code-Executionx_refsource_MISC
https://github.com/chamilo/chamilo-lms/commit/229302139e8d23bf6862183cf219b967f6e2fbc1x_refsource_MISC
https://github.com/chamilo/chamilo-lms/commit/f65d065061a77bb2e84f73217079ce3998cf3453x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2021-31933

Same Patch Batch · n/a · 2021-04-30 · 22 CVEs total

CVE-2020-7731	7.5 HIGH	Denial of Service (DoS)
CVE-2021-31231		Grafana 输入验证错误漏洞
CVE-2021-31873		klibc 输入验证错误漏洞
CVE-2021-31919		Rust rkyv crate 安全漏洞
CVE-2021-31871		klibc 输入验证错误漏洞
CVE-2021-31872		klibc 输入验证错误漏洞
CVE-2021-31870		klibc 输入验证错误漏洞
CVE-2021-26807		Boost Connect community Galaxy Client 代码问题漏洞
CVE-2020-1721		pki-core 跨站脚本漏洞
CVE-2021-20266		Red Hat Package Manager 缓冲区错误漏洞
CVE-2020-24918		Ambarella Oryx RTSP Server 缓冲区错误漏洞
CVE-2021-28959		Zoho ManageEngine Eventlog Analyzer 路径遍历漏洞
CVE-2021-31792		SuiteCRM 跨站脚本漏洞
CVE-2021-31232		cortex 输入验证错误漏洞
CVE-2020-27519		pritunl 安全漏洞
CVE-2021-31926		CubeCoders AMP 安全漏洞
CVE-2020-18084		Yzmcms 跨站脚本漏洞
CVE-2020-28943		Open-xchange OX App Suite 代码问题漏洞
CVE-2020-28944		Open-Xchange OX App Suite 资源管理错误漏洞
CVE-2021-31935		Open-xchange OX App Suite 跨站脚本漏洞

Showing top 20 of 22 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2021-31933

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-31933

I. Basic Information for CVE-2021-31933

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-31933

III. Intelligence Information for CVE-2021-31933

Same Patch Batch · n/a · 2021-04-30 · 22 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-31933

Leave a comment