CVE-2025-50198

MEDIUM
2026-03-02 [email protected]
4.9
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Mar 03, 2026 - 19:42 vuln.today
Public exploit code
Patch Released
Mar 03, 2026 - 19:42 nvd
Patch available
CVE Published
Mar 02, 2026 - 16:16 nvd
MEDIUM 4.9

Tags

PHP Deserialization Chamilo Lms

Description

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. This issue has been patched in version 1.11.30.

Analysis

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. [CVSS 4.9 MEDIUM]

Technical Context

Classified as CWE-502 (Deserialization of Untrusted Data). Affects Chamilo Lms. Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. This issue has been patched in version 1.11.30.

Affected Products

Vendor: Chamilo. Product: Chamilo Lms. Versions: up to 1.11.30.

Remediation

A vendor patch is available — apply it immediately. Fixed in version 1.11.30.. Restrict network access to the affected service where possible.

Priority Score

45
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +24
POC: +20

Share

CVE-2025-50198 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy