PT-2025-37377 · Chamilo · Chamilo

Published: 2025-04-01 · Updated: 2026-03-02 · CVE-2025-50198

CVSS v2.0: 9.0 (High), AV:N/AC:L/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions

Chamilo versions prior to 1.11.30

Description

Chamilo is a learning management system susceptible to deserialization of untrusted data. The issue resides in /plugin/vchamilo/views/import.php and is triggered through POST requests utilizing the configuration file, course path, and home path parameters. Successful exploitation could allow a remote attacker to create objects of arbitrary classes.

Recommendations

Update to version 1.11.30 or later.

Exploit

Fix

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

BDU:2025-06911
CVE-2025-50198
GHSA-JGXC-96J5-8RRR

Affected Products

Chamilo