LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2024-47886

CVE-2024-47886 - Vulnerability Analysis

HighCVSS: 7.2

Last Updated: March 3, 2026

Chamilo - Remote Code Execution

Published: March 2, 2026Updated: March 3, 2026PoC AvailableRemote Exploitable

Overview

Chamilo 1.11.12 to 1.11.26 contains a remote code execution caused by post-authentication phar unserialize in the virtualization plugin vchamilo, letting administrators execute arbitrary code on the server, exploit requires administrator privileges.

Severity & Score

Severity: High
CVSS Score: 7.2
EPSS Score: 88.8%(Probability of exploitation in next 30 days)

Impact

Administrators can execute arbitrary code on the server, potentially leading to full server compromise.

Mitigation

Upgrade to version 1.11.26.

References

Social Media Activity(1 post)

ZEN SecDB
ZEN SecDB
@secdb
Mar 9, 2026

📈 CVE Published in last 7 days (2026-03-02 - 2026-03-09) See more at https://secdb.nttzen.cloud/dashboard Total CVEs: 1428 Severity: - Critical: 187 - High: 549 - Medium: 456 - Low: 43 - None: 193 Status: - : 38 - Analyzed: 324 - Awaiting Analysis: 475 - Modified: 83 - Received: 445 - Rejected: 7 - Undergoing Analysis: 56 Top CNAs: - GitHub, Inc.: 283 - Patchstack: 271 - MITRE: 128 - VulnCheck: 107 - VulDB: 85 - Wordfence: 74 - Android (associated with Google Inc. or Open Handset Alliance): 57 - Cisco Systems, Inc.: 50 - N/A: 38 - Acronis International GmbH: 23 Top Affected Products: - UNKNOWN: 1003 - Google Android: 74 - Chamilo Lms: 25 - Dlink Dir-513 Firmware: 20 - Huawei Harmonyos: 18 - Qualcomm Qca6595au Firmware: 14 - Qualcomm Wcd9380 Firmware: 14 - Qualcomm Wcd9385 Firmware: 14 - Qualcomm Wsa8830 Firmware: 14 - Qualcomm Wsa8815 Firmware: 14 Top EPSS Score: - CVE-2026-2256 - 1.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2256) - CVE-2026-24105 - 1.29 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24105) - CVE-2026-25070 - 1.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25070) - CVE-2026-26478 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26478) - CVE-2026-24101 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24101) - CVE-2026-24107 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24107) - CVE-2026-30227 - 0.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-30227) - CVE-2024-47886 - 0.75 % (https://secdb.nttzen.cloud/cve/detail/CVE-2024-47886) - CVE-2025-14675 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14675) - CVE-2018-25181 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2018-25181)

View original post

Related Resources

Details

CVE ID
CVE-2024-47886
Severity
High
CVSS Score
7.2
Type
insecure_deserialization
Status
confirmed
EPSS
88.8%
Social Posts
1

CWE

  • CWE-502

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

88.8%Probability of exploitation in the next 30 days