Unrated severityNVD Advisory· Published Mar 2, 2026· Updated Mar 2, 2026

Chamilo: Evaluation of untrusted user input leads to Remote Code Execution

CVE-2025-50187

Description

Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28.

Affected products

Chamilo/Chamilo Lmsv5
Range: < 1.11.28

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/chamilo/chamilo-lms/releases/tag/v1.11.28mitrex_refsource_MISC
github.com/chamilo/chamilo-lms/security/advisories/GHSA-356v-7xg2-3678mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000