CVE-2025-50189

HighPublic PoC

Published: 02 March 2026

Published

02 March 2026

Modified

03 March 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0008 24.1th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-50189 is a high-severity SQL Injection (CWE-89) vulnerability in Chamilo Chamilo Lms. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 24.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly mitigates SQL injection by requiring validation and sanitization of user-supplied POST parameters like resource[document] and login before database query construction.

SI-2 Flaw Remediation good match

prevent

Ensures timely remediation of the specific SQL injection flaw in Chamilo by applying patches such as version 1.11.30.

RA-5 Vulnerability Monitoring and Scanning good match

detectrespond

Identifies SQL injection vulnerabilities like CVE-2025-50189 through automated scanning and monitoring, enabling remediation before exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1213.006 Databases Collection

Adversaries may leverage databases to mine valuable information.

attack.mitre.org →

Why these techniques?

SQL injection in a web-accessible LMS endpoint directly enables remote exploitation of a public-facing application (T1190) and unauthorized access/manipulation of database contents (T1213.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/coursecopy/copy_course_session_selected.php, which allows an attacker to perform an attack…

aimed at modifying the database query logic by injecting an arbitrary SQL statements. This issue has been patched in version 1.11.30.

Deeper analysisAI

CVE-2025-50189 is a SQL injection vulnerability in Chamilo, an open-source learning management system. Prior to version 1.11.30, the application fails to sufficiently validate user-supplied data in POST parameters such as resource[document] and login within the /main/coursecopy/copy_course_session_selected.php endpoint. This flaw, classified under CWE-89, enables attackers to inject arbitrary SQL statements that alter database query logic. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for confidentially, integrity, and availability impacts.

An authenticated attacker with low privileges, such as a registered user, can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By crafting malicious POST requests to the affected endpoint, the attacker can manipulate SQL queries to achieve outcomes like data exfiltration, modification, or deletion, depending on database permissions and structure.

The issue has been addressed in Chamilo version 1.11.30, as detailed in the project's GitHub security advisory (GHSA-vxx3-648j-7p4r) and release notes. Mitigation involves upgrading to the patched version, with relevant fixes implemented in commits such as 22bb81df8f7062da20a2f6248789f47b221ca705, 75ab03c938adc48a3cd8234d98fc340e1998aa81, and 7903cef2eb41817c11a52ba6ac34a1d454bc5ef7. Security practitioners should review access controls on the course copy functionality and apply input sanitization as interim measures if immediate patching is not feasible.

Details

CWE(s): CWE-89

Affected Products

chamilo

chamilo lms

≤ 1.11.30

CVEs Like This One

CVE-2025-50191Same product: Chamilo Chamilo Lms

CVE-2026-28430Same product: Chamilo Chamilo Lms

CVE-2026-33714Same product: Chamilo Chamilo Lms

CVE-2026-30881Same product: Chamilo Chamilo Lms

CVE-2025-50188Same product: Chamilo Chamilo Lms

CVE-2025-50190Same product: Chamilo Chamilo Lms

CVE-2025-50192Same product: Chamilo Chamilo Lms

CVE-2025-52469Same product: Chamilo Chamilo Lms

CVE-2026-33710Same product: Chamilo Chamilo Lms

CVE-2025-52998Same product: Chamilo Chamilo Lms

References

https://github.com/chamilo/chamilo-lms/commit/22bb81df8f7062da20a2f6248789f47b221ca705
Patch · security-advisories@github.com
https://github.com/chamilo/chamilo-lms/commit/75ab03c938adc48a3cd8234d98fc340e1998aa81
Patch · security-advisories@github.com
https://github.com/chamilo/chamilo-lms/commit/7903cef2eb41817c11a52ba6ac34a1d454bc5ef7
Patch · security-advisories@github.com
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30
Product, Release Notes · security-advisories@github.com
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-vxx3-648j-7p4r
Exploit, Mitigation, Vendor Advisory · security-advisories@github.com