Skip to main content

PHP CVE-2025-50198

MEDIUM
Deserialization of Untrusted Data (CWE-502)
2026-03-02 security-advisories@github.com
PHP Deserialization Chamilo Lms
4.9
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Mar 03, 2026 - 19:42 vuln.today
Public exploit code
Patch released
Mar 03, 2026 - 19:42 nvd
Patch available
CVE Published
Mar 02, 2026 - 16:16 nvd
MEDIUM 4.9

DescriptionNVD

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. This issue has been patched in version 1.11.30.

AnalysisAI

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. [CVSS 4.9 MEDIUM]

Technical ContextAI

Classified as CWE-502 (Deserialization of Untrusted Data). Affects Chamilo Lms. Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. This issue has been patched in version 1.11.30.

RemediationAI

A vendor patch is available — apply it immediately. Fixed in version 1.11.30.. Restrict network access to the affected service where possible.

Share

CVE-2025-50198 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy