9.8
CVE-2025-50187
- EPSS 0.88%
- Veröffentlicht 02.03.2026 14:37:20
- Zuletzt bearbeitet 03.03.2026 19:12:14
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Chamilo: Evaluation of untrusted user input leads to Remote Code Execution
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Chamilo ≫ Chamilo Lms Version < 1.11.28
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.88% | 0.543 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.28
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-356v-7xg2-3678