| |
Podatność CVE-2023-34960
Publikacja: 2023-08-01
| Opis: |
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. |
W naszej bazie, znaleźliśmy następujące noty dla tego CVE: | Tytuł | Autor | Data |
Med. |
| RandoriSec | 27.08.2023 |
Typ:
CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
)
Referencje: |
http://chamilo.com
https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-112-2023-04-20-Critical-impact-High-risk-Remote-Code-Execution
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
Polish
English