PT-2025-35788 · Unknown · Chamilo Lms

Published 2025-04-01 · Updated 2026-03-07 · CVE-2025-50189

CVSS v3.1: 8.8 High (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions

Chamilo LMS versions prior to 1.11.30

Description

The Chamilo LMS system has an issue due to inadequate validation of XML object sequences. Successful exploitation could allow a remote attacker to execute arbitrary SQL queries. The application does not sufficiently validate data received from the user via the document POST resource and login POST parameters in the '/main/coursecopy/copy_course_session_selected.php' file, enabling an attacker to modify database query logic by injecting arbitrary SQL statements. The vulnerable parameter is SQL INJECTION HERE.

Recommendations

Update to version 1.11.30 or later.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2025-06902
CVE-2025-50189
GHSA-VXX3-648J-7P4R

Affected Products

Chamilo Lms