CVE-2025-50188
Received Received - Intake
SQL Injection in Chamilo Plugin Allows Database Manipulation

Publication date: 2026-03-02

Last updated on: 2026-03-03

Assigner: GitHub, Inc.

Description
Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an attacker to perform an attack aimed at modifying the database query logic by injecting an arbitrary SQL statements. This issue has been patched in version 1.11.30.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-02
Last Modified
2026-03-03
Generated
2026-05-07
AI Q&A
2026-03-02
EPSS Evaluated
2026-05-05
NVD
CVE-2025-50188
EUVD
EUVD-2025-208157
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
chamilo chamilo_lms to 1.11.30 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

[{'type': 'paragraph', 'content': 'CVE-2025-50188 is a SQL Injection vulnerability in the Chamilo LMS, specifically in the vchamilo plugin. It affects versions prior to 1.11.30 and arises because the application does not properly validate or sanitize user input coming from GET parameters in certain scripts. This allows an attacker to inject arbitrary SQL statements by manipulating these parameters, which can alter the logic of database queries.'}, {'type': 'paragraph', 'content': 'The vulnerability is located in the scripts /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, where user input is directly used in SQL queries without sufficient validation. Exploitation requires an authorized user with administrator privileges.'}, {'type': 'paragraph', 'content': "The issue was fixed in version 1.11.30 by replacing unsafe raw SQL queries with prepared statements and using Doctrine DBAL's query builder methods to securely handle database operations."}] [1, 2]


How can this vulnerability impact me? :

[{'type': 'paragraph', 'content': "This vulnerability can allow an attacker with administrator privileges to inject arbitrary SQL commands into the database queries of the Chamilo LMS vchamilo plugin. This can lead to unauthorized modification of database content, potentially compromising the confidentiality and availability of the system's data."}, {'type': 'list_item', 'content': 'Confidentiality impact: High, as attackers can access or manipulate sensitive data.'}, {'type': 'list_item', 'content': 'Availability impact: High, since injected SQL commands could disrupt or damage database operations.'}, {'type': 'paragraph', 'content': 'The vulnerability does not impact data integrity directly but can cause significant disruption and data exposure risks.'}] [2]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for suspicious GET requests targeting the vulnerable scripts `/plugin/vchamilo/views/syncparams.php` and `/plugin/vchamilo/ajax/service.php` that include unusual or crafted SQL injection payloads in the `value` parameter.'}, {'type': 'paragraph', 'content': 'An example detection method is to look for HTTP GET requests with SQL syntax or error-inducing payloads in the `value` parameter, which may cause database errors or unexpected behavior.'}, {'type': 'list_item', 'content': 'Use web server logs or network monitoring tools to filter requests to the vulnerable endpoints with suspicious parameters, for example using grep:'}, {'type': 'list_item', 'content': 'grep -i \'GET /plugin/vchamilo/views/syncparams.php\' /var/log/apache2/access.log | grep -E "value=.*(\'|--|;|\\bOR\\b|\\bAND\\b)"'}, {'type': 'list_item', 'content': 'grep -i \'GET /plugin/vchamilo/ajax/service.php\' /var/log/apache2/access.log | grep -E "value=.*(\'|--|;|\\bOR\\b|\\bAND\\b)"'}, {'type': 'paragraph', 'content': 'Additionally, testing the application with crafted GET requests containing SQL injection payloads in the `value` parameter can help confirm the presence of the vulnerability.'}] [2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading Chamilo LMS to version 1.11.30 or later, where the vulnerability has been patched by replacing unsafe raw SQL queries with prepared statements and Doctrine DBAL query builder methods.

If upgrading is not immediately possible, apply the patch that refactors the vulnerable code to use parameterized queries, as demonstrated in the official fix.

  • Restrict database user privileges to the minimum necessary to reduce impact if exploited.
  • Implement strict input validation and sanitization on all user-supplied GET parameters, especially the `value` parameter.
  • Monitor and block suspicious requests targeting the vulnerable endpoints.

Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart