Vulnerability CVE-2023-34960


Published: 2023-08-01

Description:
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Chamilo 1.11.18 Command Injection
RandoriSec
27.08.2023

Type:

CWE-78

(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

 References:
http://chamilo.com
https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-112-2023-04-20-Critical-impact-High-risk-Remote-Code-Execution

Copyright 2024, cxsecurity.com

 

Back to Top