ByteOS Network

CVE Vulnerability Details :

CVE-2025-50189

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-02 Mar, 2026 | 14:49

Updated At-02 Mar, 2026 | 14:49

▼CVE Numbering Authority (CNA)

Chamilo: Error-based SQL Injection

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/coursecopy/copy_course_session_selected.php, which allows an attacker to perform an attack aimed at modifying the database query logic by injecting an arbitrary SQL statements. This issue has been patched in version 1.11.30.

Affected Products

Vendor

chamilo

Product

chamilo-lms

Versions

Affected

< 1.11.30

Problem Types

Type	CWE ID	Description
CWE	CWE-89	CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Type: CWE

CWE ID: CWE-89

Description: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Metrics

Version	Base score	Base severity	Vector
4.0	7.2	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Version: 4.0

Base score: 7.2

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

References

Hyperlink	Resource
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-vxx3-648j-7p4r	x_refsource_CONFIRM
https://github.com/chamilo/chamilo-lms/commit/22bb81df8f7062da20a2f6248789f47b221ca705	x_refsource_MISC
https://github.com/chamilo/chamilo-lms/commit/75ab03c938adc48a3cd8234d98fc340e1998aa81	x_refsource_MISC
https://github.com/chamilo/chamilo-lms/commit/7903cef2eb41817c11a52ba6ac34a1d454bc5ef7	x_refsource_MISC
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30	x_refsource_MISC