
Kutlymurat Mambetniyazov

Researcher from NitroTeam.kz
#22953 of 53,633
10 Total CVSS
Vulnerabilities · 1
PT-2021-3474
10
2021-06-28
Chamilo · Chamilo · CVE-2021-34187
**Name of the Vulnerable Software and Affected Versions**

Chamilo versions prior to 1.11.14

**Description**

The issue is related to a lack of protection in the SQL query structure, which can be exploited to impact the confidentiality, integrity, and availability of protected information. The `searchField`, `filters`, or `filters2` parameter in the `main/inc/ajax/model.ajax.php` file is vulnerable to SQL Injection.

**Recommendations**

For versions prior to 1.11.14, as a temporary workaround, consider restricting access to the `main/inc/ajax/model.ajax.php` file or disabling the `searchField`, `filters`, or `filters2` parameter until a patch is available. Avoid using the `searchField`, `filters`, or `filters2` parameter in the affected API endpoint until the issue is resolved.