Unrated severityNVD Advisory· Published Mar 2, 2026· Updated Mar 2, 2026

Chamilo: Error-based SQL Injection

CVE-2025-50189

Description

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/coursecopy/copy_course_session_selected.php, which allows an attacker to perform an attack aimed at modifying the database query logic by injecting an arbitrary SQL statements. This issue has been patched in version 1.11.30.

Affected products

Chamilo/Chamilo Lmsv5
Range: < 1.11.30

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/chamilo/chamilo-lms/commit/22bb81df8f7062da20a2f6248789f47b221ca705mitrex_refsource_MISC
github.com/chamilo/chamilo-lms/commit/75ab03c938adc48a3cd8234d98fc340e1998aa81mitrex_refsource_MISC
github.com/chamilo/chamilo-lms/commit/7903cef2eb41817c11a52ba6ac34a1d454bc5ef7mitrex_refsource_MISC
github.com/chamilo/chamilo-lms/releases/tag/v1.11.30mitrex_refsource_MISC
github.com/chamilo/chamilo-lms/security/advisories/GHSA-vxx3-648j-7p4rmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000