Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Chamilo Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2025-50187) - Vulnerability Database

Chamilo Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2025-50187)

Description

Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28.

References

CVE-2025-50187

Related Vulnerabilities

MySQL CVE-2022-21348 Vulnerability (CVE-2022-21348) Medium
Common tags: Missing Update Known Vulnerabilities
silverstripeCMS Improper Authentication Vulnerability (CVE-2020-26136) Medium
Common tags: Missing Update Known Vulnerabilities
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-25812) Medium
Common tags: Missing Update Known Vulnerabilities
MediaWiki CVE-2020-25813 Vulnerability (CVE-2020-25813) Medium
Common tags: Missing Update Known Vulnerabilities
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-25814) Medium
Common tags: Missing Update Known Vulnerabilities

Severity

Critical

Classification

CVE-2025-50187
CWE-707
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update
Known Vulnerabilities