How to fix CVE-2025-50190?

Within 24 hours: Identify all Chamilo instances and document current versions; isolate or restrict external access to affected systems if running versions below 1.11.30. Within 7 days: Apply vendor patch to upgrade all Chamilo installations to version 1.11.30 or later; conduct post-patch validation testing. Within 30 days: Perform security audit of affected systems for signs of compromise; review access logs for suspicious OpenID authentication activity; implement WAF rules blocking malicious openid.assoc_handle patterns as defense-in-depth.

Is PHP affected by CVE-2025-50190?

Chamilo LMS installations running versions prior to 1.11.30 are vulnerable to critical SQL injection attacks through the OpenID authentication parameter, allowing attackers to extract sensitive data, compromise user accounts, and potentially gain system access.

CVE-2025-50190

CRITICAL

2026-03-02 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 03, 2026 - 19:14 vuln.today

Public exploit code

Patch Released

Mar 03, 2026 - 19:14 nvd

Patch available

CVE Published

Mar 02, 2026 - 15:16 nvd

CRITICAL 9.8

Description

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30.

Analysis

Chamilo LMS prior to 1.11.30 has an error-based SQL injection enabling database extraction.

Technical Context

CWE-89 error-based SQL injection in Chamilo < 1.11.30.

Affected Products

['Chamilo LMS < 1.11.30']

Remediation

Update Chamilo to 1.11.30+.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +49

POC: +20

CVE-2025-50190 vulnerability details – vuln.today

Back

CVE-2025-50190

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-50190

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code