AI Score
Confidence
High
EPSS
Percentile
98.9%
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
chamilo.com
packetstormsecurity.com/files/174314/Chamilo-1.11.18-Command-Injection.html
support.chamilo.org/projects/1/wiki/Security_issues#Issue-112-2023-04-20-Critical-impact-High-risk-Remote-Code-Execution