CVE-2025-50189 · HIGH 8.8 · EPSS p49.5%

Description

Chamilo is a learning management system. Prior to version 1.11.30, the application insufficiently validates user-supplied data in the POST resource[document][SQL_INJECTION_HERE] and POST login parameters of /main/coursecopy/copy_course_session_selected.php, which allows an attacker to modify the database query logic by injecting arbitrary SQL statements. This issue has been patched in version 1.11.30.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.73% probability of exploitation · percentile 49.5% · 2026-06-19T12:03:05Z
Published: 2026-03-02
Last modified: 2026-03-03

Underlying weaknesses · 1

CWE-89

References

  1. https://github.com/chamilo/chamilo-lms/commit/22bb81df8f7062da20a2f6248789f47b221ca705
  2. https://github.com/chamilo/chamilo-lms/commit/75ab03c938adc48a3cd8234d98fc340e1998aa81
  3. https://github.com/chamilo/chamilo-lms/commit/7903cef2eb41817c11a52ba6ac34a1d454bc5ef7
  4. https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30
  5. https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-vxx3-648j-7p4r

Type: Weakness
Target: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-50190
  2. CVE-2025-50192
  3. CVE-2025-50187
  4. CVE-2025-55289
  5. CVE-2025-50199
  6. CVE-2026-28430

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.