PT-2025-37378 · Chamilo · Chamilo

Published: 2025-04-01 · Updated: 2026-03-07 · CVE-2025-50199

CVSS v3.1: 9.1 (Critical), AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Chamilo versions prior to 1.11.30

Description

Chamilo is a learning management system. A blind Server-Side Request Forgery (SSRF) condition exists due to insufficient validation of incoming requests used in the operating system command. Successful exploitation could allow a remote attacker to execute arbitrary HTTP requests. The vulnerable parameter is openid url within the '/index.php' API endpoint.

Recommendations

Update to version 1.11.30 or later.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2025-06912
CVE-2025-50199
GHSA-JV2W-M5R6-P52H

Affected Products

Chamilo