Home / Vulnerability Intelligence / CVE-2025-50192

CVE-2025-50192 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 3, 2026

Chamilo - SQL Injection

Published: March 2, 2026Updated: March 3, 2026PoC AvailableRemote Exploitable

Overview

Chamilo < 1.11.30 contains a time-based SQL injection caused by unsanitized input in /main/webservices/registration.soap.php, letting remote attackers perform SQL injection, exploit requires crafted request.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 2.7%(Probability of exploitation in next 30 days)

Impact

Remote attackers can perform SQL injection, potentially leading to data disclosure or manipulation.

Mitigation

Update to version 1.11.30 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 4, 2026

🔴 CVE-2025-50192 - Critical (9.8) Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection in found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50192/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-50192
Severity: Critical
CVSS Score: 9.8
Type: sql_injection
Status: confirmed
EPSS: 2.7%
Social Posts: 1

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

2.7%Probability of exploitation in the next 30 days