Lucene search

[email protected]CVE-2023-34960

HistoryAug 01, 2023 - 2:15 a.m.

CVE-2023-34960

2023-08-0102:15:10

CWE-77

[email protected]

web.nvd.nist.gov

2405

cve-2023-34960

command injection

chamilo

vulnerability

soap api

powerpoint

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.922 High

EPSS

Percentile

99.0%

JSON

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.

Affected configurations

NVD

Node

chamilochamiloRange1.11.0–1.11.18

CPENameOperatorVersion
chamilo:chamilochamilole1.11.18

CPE	Name	Operator	Version
chamilo:chamilo	chamilo	le	1.11.18

References

chamilo.com

packetstormsecurity.com/files/174314/Chamilo-1.11.18-Command-Injection.html

support.chamilo.org/projects/1/wiki/Security_issues#Issue-112-2023-04-20-Critical-impact-High-risk-Remote-Code-Execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.922 High

EPSS

Percentile

99.0%

JSON

Related for CVE-2023-34960

cnvd1 osv2 prion2 metasploit1 githubexploit8 nuclei1 packetstorm1 cvelist2 nvd2 zdt1 cve1 rapid7blog1 openvas1