top of page
perceptive_background_267k.jpg

Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Executi…

Published:

1 March 2026 at 23:00:00

Alert date:

2 March 2026 at 16:01:55

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Enterprise Applications

Chamilo learning management system contains a critical vulnerability in versions prior to 1.11.28. The vulnerability allows remote code execution through unfiltered evaluation of parameters from SOAP requests. Attackers can exploit this flaw to execute arbitrary code on vulnerable systems. The issue has been addressed in version 1.11.28 with proper input filtering. Organizations using affected versions should upgrade immediately to mitigate the risk of remote compromise.

Technical details

Mitigation steps:

Affected products:

Chamilo LMS

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-50187
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.28
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-356v-7xg2-3678

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page