Lucene search

PRIOn knowledge basePRION:CVE-2023-3368

HistoryNov 28, 2023 - 7:15 a.m.

Command injection

2023-11-2807:15:00

PRIOn knowledge base

www.prio-n.com

command injection

chamilo lms

remote code execution

special characters

cve-2023-34960

9.8 High

AI Score

Confidence

High

0.934 High

EPSS

Percentile

99.1%

JSON

Command injection in /main/webservices/additional_webservices.php in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.

CPENameOperatorVersion
chamilolt1.11.20

CPE	Name	Operator	Version
	chamilo	lt	1.11.20

References

github.com/chamilo/chamilo-lms/commit/37be9ce7243a30259047dd4517c48ff8b21d657a

github.com/chamilo/chamilo-lms/commit/4c69b294f927db62092e01b70ac9bd6e32d5b48b

starlabs.sg/advisories/23/23-3368/

support.chamilo.org/projects/chamilo-18/wiki/security_issues