Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Chamilo Learning Management System: Untrusted Data Deserialization
CVE-2025-50198
Summary
Chamilo's learning management system has a security issue that could allow hackers to execute malicious code. This affects versions of Chamilo before 1.11.30. To stay secure, update to version 1.11.30 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| chamilo | chamilo_lms | <= 1.11.30 | – |
Original title
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST ...
Original description
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. This issue has been patched in version 1.11.30.
nvd CVSS3.1
4.9
nvd CVSS4.0
8.8
Vulnerability type
CWE-502
Deserialization of Untrusted Data
- https://github.com/chamilo/chamilo-lms/commit/07f7954f2dd18c4f5a307b2a6fa802d9ce... Patch
- https://github.com/chamilo/chamilo-lms/commit/89c67e6630852cf94d288499e2cd6f6a06... Patch
- https://github.com/chamilo/chamilo-lms/commit/8bd86913a89fec084053e2c2916df19f15... Patch
- https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30 Product Release Notes
- https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-jgxc-96j5-8rrr Exploit Mitigation Vendor Advisory
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026