WRITEUP

WRITEUP
Exploit for CVE-2025-50196 - Chamilo <1.11.30 - Command Injection
AI Analysis

This patch addresses a vulnerability in Chamilo LMS by introducing a new method `clearDatabaseName` to sanitize database names, preventing potential SQL injection or malicious database name manipulation. The changes are applied to database handling in the core system and the VChamilo plugin.

Attack Type
SQLi
Complexity
moderate
Reliability
reliable
MITRE ATT&CK
T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter
Loading exploit code...
Download ZIP Password: eip
Source
Platform Writeup
Type patch
Files 1
Authors
Angel Fernando Quiroz Campos
Vulnerability
CVE-2025-50196
Chamilo <1.11.30 - Command Injection
HIGH
CVSS 7.2