CVE-2025-50189
Chamilo: Error-based SQL Injection
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/coursecopy/copy_course_session_selected.php, which allows an attacker to perform an attack aimed at modifying the database query logic by injecting an arbitrary SQL statements. This issue has been patched in version 1.11.30.
| CWE | CWE-89 |
| Vendor | chamilo |
| Product | chamilo-lms |
| Published | Mar 2, 2026 |
| Last Updated | Mar 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for chamilo chamilo-lms
Be the first to know when new unknown vulnerabilities affecting chamilo chamilo-lms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
chamilo / chamilo-lms
< 1.11.30
References
github.com: https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-vxx3-648j-7p4r github.com: https://github.com/chamilo/chamilo-lms/commit/22bb81df8f7062da20a2f6248789f47b221ca705 github.com: https://github.com/chamilo/chamilo-lms/commit/75ab03c938adc48a3cd8234d98fc340e1998aa81 github.com: https://github.com/chamilo/chamilo-lms/commit/7903cef2eb41817c11a52ba6ac34a1d454bc5ef7 github.com: https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30