ByteOS Network

CVE Vulnerability Details :

CVE-2025-50197

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-02 Mar, 2026 | 15:18

Updated At-02 Mar, 2026 | 15:18

▼CVE Numbering Authority (CNA)

Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This issue has been patched in version 1.11.30.

Affected Products

Vendor

chamilo

Product

chamilo-lms

Versions

Affected

< 1.11.30

Problem Types

Type	CWE ID	Description
CWE	CWE-78	CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Type: CWE

CWE ID: CWE-78

Description: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Metrics

Version	Base score	Base severity	Vector
4.0	7.1	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Version: 4.0

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

References

Hyperlink	Resource
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-m76m-95c9-6h7r	x_refsource_CONFIRM
https://github.com/chamilo/chamilo-lms/commit/e1c7879d63172cd7e5e47c9a03ade0e32023e134	x_refsource_MISC
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30	x_refsource_MISC

Hyperlink: https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-m76m-95c9-6h7r

Resource:

x_refsource_CONFIRM

Hyperlink: https://github.com/chamilo/chamilo-lms/commit/e1c7879d63172cd7e5e47c9a03ade0e32023e134

Resource:

x_refsource_MISC

Hyperlink: https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30

Resource:

x_refsource_MISC

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References