Lucene search
+L

17 matches found

Nuclei
Nuclei
added 6 days ago53 views

Chamilo Command Injection

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. id: CVE-2023-34960 info: name: Chamilo Command Injection author: DhiyaneshDK severity: critical...

9.8CVSS7.3AI score0.99192EPSS
Exploits9References5
Prion
Prion
added 2023/11/28 7:15 a.m.26 views

Command injection

Command injection in /main/webservices/additionalwebservices.php in Chamilo LMS = v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960...

7.5CVSS9.8AI score0.99192EPSS
Exploits10References4Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2023/08/25 9:26 p.m.46 views

Metasploit Weekly Wrap-Up

PowershellPoint This week’s new features and improvements start with two new exploit modules leveraging CVE-2023-34960 Chamilo versions 1.11.18 and below and CVE-2023-26469 in Jorani 1.0.0. Like CVE-2023-34960, I too, feel attacked by PowerPoint sometimes. We also have several improvements,...

7.5CVSS10.4AI score0.99192EPSS
Exploits14
Metasploit
Metasploit
added 2023/08/24 7:50 p.m.450 views

Chamilo unauthenticated command injection in PowerPoint upload

Chamilo is an e-learning platform, also called Learning Management Systems LMS. This module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below CVE-2023-34960. Due to a functionality called Chamilo Rapid to easily convert PowerPoint...

9.8CVSS9.4AI score0.99192EPSS
Exploits9
0day.today
0day.today
added 2023/08/24 12:0 a.m.458 views

Chamilo 1.11.18 Command Injection Exploit

This Metasploit module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below. Due to a functionality called Chamilo Rapid to easily convert PowerPoint slides to courses on Chamilo, it is possible for an unauthenticated remote attacker t...

9.8CVSS10AI score0.99192EPSS
Exploits9
Packet Storm
Packet Storm
added 2023/08/24 12:0 a.m.397 views

Chamilo 1.11.18 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chamilo unauthenticated command injection in PowerPoint upload', 'Description' = %q Chamilo is an e-learning platform, also called Learning...

9.8CVSS7.1AI score0.99192EPSS
Exploits9
OpenVAS
OpenVAS
added 2023/08/03 12:0 a.m.29 views

Chamilo LMS 1.11.x < 1.11.20 Multiple Vulnerabilities

Chamilo LMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:chamilo:chamilolms"; if...

9.8CVSS6.9AI score0.99192EPSS
Exploits9References9
GithubExploit
GithubExploit
added 2023/08/01 8:9 a.m.483 views

Exploit for Command Injection in Chamilo

CVE-2023-34960 - Mass unauthenticated command injection Chami...

9.8CVSS9.9AI score0.99192EPSS
Exploits9
Vulnrichment
Vulnrichment
added 2023/08/01 12:0 a.m.21 views

CVE-2023-34960

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...

7.9AI score0.99192EPSS
Exploits9References2
CVE
CVE
added 2023/08/01 12:0 a.m.2617 views

CVE-2023-34960

CVE-2023-34960 affects Chamilo LMS (version 1.11.* up to 1.11.18) with a command-injection vulnerability in the wsConvertPpt component. An unauthenticated SOAP API call using a crafted PowerPoint name can lead to arbitrary OS command execution. Public details indicate a high/critical impact (CVSS...

9.8CVSS9.5AI score0.99192EPSS
In wildExploits9References2Affected Software1
OSV
OSV
added 2023/08/01 12:0 a.m.27 views

CVE-2023-34960

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...

9.8CVSS8.3AI score0.99192EPSS
Exploits9References4
GithubExploit
GithubExploit
added 2023/07/24 8:51 p.m.433 views

Exploit for Command Injection in Chamilo

CVE-2023-34960 Chamilo Command Injection with aut...

9.8CVSS9.9AI score0.99192EPSS
Exploits9
GithubExploit
GithubExploit
added 2023/07/22 5:27 a.m.254 views

Exploit for Command Injection in Chamilo

CVE-2023-34960 - Mass unauthenticated command injection Cham...

9.8CVSS9.9AI score0.99192EPSS
Exploits9
GithubExploit
GithubExploit
added 2023/07/22 5:27 a.m.566 views

Exploit for Command Injection in Chamilo

CVE-2023-34960 - Mass unauthenticated command injection Cham...

9.8CVSS9.9AI score0.99192EPSS
Exploits9
VulnCheck KEV
VulnCheck KEV
added 2023/07/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-34960

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...

9.8CVSS7.7AI score0.99192EPSS
Exploits9References1
Circl
Circl
added 2023/06/09 10:49 a.m.54 views

CVE-2023-34960

creationtimestamp| type| source ---|---|--- 2023-06-09 10:49:23+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4525 2023-06-13 11:01:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8479 2023-06-15 12:42:57+00:00| published-proof-of-concept|...

9.8CVSS8.6AI score0.99192EPSS
In wildExploits9References22
GithubExploit
GithubExploit
added 2023/06/09 10:32 a.m.1440 views

Exploit for Command Injection in Chamilo

CVE-20...

9.8CVSS9.6AI score0.99192EPSS
Exploits9
Rows per page
Query Builder