CVE-2025-50197 Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sublanguageajax.inc.php via the POST newlanguage parameter. This issue has been patched in version 1.11.30...

CVE-2025-50197 Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sublanguageajax.inc.php via the POST newlanguage parameter. This issue has been patched in version 1.11.30...

EUVD-2025-208166

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sublanguageajax.inc.php via the POST newlanguage parameter. This issue has been patched in version 1.11.30...

CVE-2025-50197

Chamilo LMS prior to 1.11.30 has an OS Command Injection in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. Exploitation could allow arbitrary command execution on the server. It is fixed in version 1.11.30 . CVSS v4 base score 7.1 (HIGH); attack vector: NETWORK, privil...

CVE-2025-50197 Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sublanguageajax.inc.php via the POST newlanguage parameter. This issue has been patched in version 1.11.30...

Chamilo 操作系统命令注入漏洞

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the POST parameter “newlanguage” in the file...

PT-2025-37376

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30 Description The Chamilo learning management system has an OS Command Injection issue. This occurs due to a failure to neutralize special elements used in the operating system command. Successful exploitation...

SUSE CVE-2007-1473

Cross-site scripting XSS vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the newlang parameter to login.php...