CVE-2025-50187

Description

Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28.

CVSS breakdown

Affected products

• chamilo / chamilo-lms< 1.11.28 – < 1.11.28

References

• VENDOR_ADVISORYhttps://github.com/chamilo/chamilo-lms/security/advisories/GHSA-356v-7xg2-3678
• PATCHhttps://github.com/chamilo/chamilo-lms/releases/tag/v1.11.28