CVE-2025-50187 | THREATINT

Description

Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28.

PUBLISHED Reserved 2025-06-13 | Published 2026-03-02 | Updated 2026-03-02 | Assigner GitHub_M

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Product status

< 1.11.28

affected

References

github.com/...lo-lms/security/advisories/GHSA-356v-7xg2-3678

github.com/chamilo/chamilo-lms/releases/tag/v1.11.28

cve.org (CVE-2025-50187)

nvd.nist.gov (CVE-2025-50187)

Download JSON