Vulnerability Description
Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/coursecopy/copy_course_session_selected.php, which allows an attacker to perform an attack aimed at modifying the database query logic by injecting an arbitrary SQL statements. This issue has been patched in version 1.11.30.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chamilo | Chamilo Lms | < 1.11.30 |
Related Weaknesses (CWE)
References
- https://github.com/chamilo/chamilo-lms/commit/22bb81df8f7062da20a2f6248789f47b22Patch
- https://github.com/chamilo/chamilo-lms/commit/75ab03c938adc48a3cd8234d98fc340e19Patch
- https://github.com/chamilo/chamilo-lms/commit/7903cef2eb41817c11a52ba6ac34a1d454Patch
- https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30ProductRelease Notes
- https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-vxx3-648j-7p4rExploitMitigationVendor Advisory
FAQ
What is CVE-2025-50189?
CVE-2025-50189 is a vulnerability with a CVSS score of 8.8 (HIGH). Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] an...
How severe is CVE-2025-50189?
CVE-2025-50189 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-50189?
Check the references section above for vendor advisories and patch information. Affected products include: Chamilo Chamilo Lms.