Unrated severityNVD Advisory· Published Mar 2, 2026· Updated Mar 2, 2026
Chamilo: Evaluation of untrusted user input leads to Remote Code Execution
CVE-2025-50187
Description
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28.
Affected products
2<1.11.28+ 1 more
- (no CPE)range: <1.11.28
- (no CPE)range: < 1.11.28
Patches
Vulnerability mechanics
References
2- github.com/chamilo/chamilo-lms/releases/tag/v1.11.28mitrex_refsource_MISC
- github.com/chamilo/chamilo-lms/security/advisories/GHSA-356v-7xg2-3678mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.