CVE-2025-50195

CVSS v2.0

8.7

High

AV:N/AC:L/Au:S/C:P/I:C/A:C

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30

Description The Chamilo learning management system has an OS Command Injection issue. This occurs due to a failure to neutralize special elements used in the operating system command. Successful exploitation allows a remote attacker to execute arbitrary SQL queries. The vulnerable file is /plugin/vchamilo/views/manage.controller.php.

Recommendations Update to version 1.11.30 or later.

Exploit

Fix

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-78

Related Identifiers

BDU:2025-06908

CVE-2025-50195

GHSA-C447-V9XQ-MMJ7

Affected Products

Chamilo

CVE-2025-50195

Weakness Enumeration

Related Identifiers

Affected Products

References · 11