LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2025-50191

CVE-2025-50191 - Vulnerability Analysis

HighCVSS: 7.2

Last Updated: March 3, 2026

Chamilo - SQL Injection

Published: March 2, 2026Updated: March 3, 2026PoC AvailableRemote Exploitable

Overview

Chamilo < 1.11.30 contains an error-based SQL injection caused by unsanitized POST userFile parameter in /main/exercise/hotpotatoes.php, letting attackers execute arbitrary SQL queries remotely, exploit requires crafted POST request.

Severity & Score

Severity: High
CVSS Score: 7.2

Impact

Attackers can execute arbitrary SQL queries, potentially leading to data disclosure or modification.

Mitigation

Upgrade to version 1.11.30 or later.

References

Related Resources

Details

CVE ID
CVE-2025-50191
Severity
High
CVSS Score
7.2
Type
sql_injection
Status
confirmed

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H