Chamilo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2025-50191 - Vulnerability Database

Chamilo

Chamilo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2025-50191

High

Reference: CVE-2025-50191

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-50191

Title: Chamilo Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

Overview:

Chamilo is a learning management system. Prior to version 1.11.30 there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30.