Unrated severityNVD Advisory· Published Mar 2, 2026· Updated Mar 2, 2026
Chamilo: Error-based SQL Injection
CVE-2025-50189
Description
Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/coursecopy/copy_course_session_selected.php, which allows an attacker to perform an attack aimed at modifying the database query logic by injecting an arbitrary SQL statements. This issue has been patched in version 1.11.30.
Affected products
2<1.11.30+ 1 more
- (no CPE)range: <1.11.30
- (no CPE)range: < 1.11.30
Patches
Vulnerability mechanics
References
5- github.com/chamilo/chamilo-lms/commit/22bb81df8f7062da20a2f6248789f47b221ca705mitrex_refsource_MISC
- github.com/chamilo/chamilo-lms/commit/75ab03c938adc48a3cd8234d98fc340e1998aa81mitrex_refsource_MISC
- github.com/chamilo/chamilo-lms/commit/7903cef2eb41817c11a52ba6ac34a1d454bc5ef7mitrex_refsource_MISC
- github.com/chamilo/chamilo-lms/releases/tag/v1.11.30mitrex_refsource_MISC
- github.com/chamilo/chamilo-lms/security/advisories/GHSA-vxx3-648j-7p4rmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.