PT-2025-35787 · Chamilo · Chamilo+1

Published: 2025-04-01 · Updated: 2026-03-07 · CVE-2025-50188

CVSS v2.0: 8.5 (High), AV:N/AC:L/Au:S/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Chamilo versions prior to 1.11.30

Description

The application does not adequately validate user-supplied data from the GET parameter in scripts located at '/plugin/vchamilo/views/syncparams.php' and '/plugin/vchamilo/ajax/service.php'. This allows an attacker to manipulate database query logic through SQL injection. The issue relates to a lack of validation of XML object sequences within the vChamilo plugin. Exploitation could allow a remote attacker to execute arbitrary SQL queries.

Recommendations

Update to version 1.11.30 or later.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2025-06901
CVE-2025-50188
GHSA-96J3-X45M-9Q3R

Affected Products

Chamilo
Vchamilo Plugin