Lucene search
+L

17 matches found

Nuclei
Nuclei
added 2026/07/11 12:22 a.m.53 views

Chamilo Command Injection

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. id: CVE-2023-34960 info: name: Chamilo Command Injection author: DhiyaneshDK severity: critical...

9.8CVSS7.3AI score0.99192EPSS
Exploits9References5
Prion
Prion
added 2023/11/28 7:15 a.m.26 views

Command injection

Command injection in /main/webservices/additionalwebservices.php in Chamilo LMS = v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960...

7.5CVSS9.8AI score0.99192EPSS
Exploits10References4Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2023/08/25 9:26 p.m.46 views

Metasploit Weekly Wrap-Up

PowershellPoint This week’s new features and improvements start with two new exploit modules leveraging CVE-2023-34960 Chamilo versions 1.11.18 and below and CVE-2023-26469 in Jorani 1.0.0. Like CVE-2023-34960, I too, feel attacked by PowerPoint sometimes. We also have several improvements,...

7.5CVSS10.4AI score0.99192EPSS
Exploits14
Metasploit
Metasploit
added 2023/08/24 7:50 p.m.451 views

Chamilo unauthenticated command injection in PowerPoint upload

Chamilo is an e-learning platform, also called Learning Management Systems LMS. This module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below CVE-2023-34960. Due to a functionality called Chamilo Rapid to easily convert PowerPoint...

9.8CVSS9.4AI score0.99192EPSS
Exploits9
Packet Storm
Packet Storm
added 2023/08/24 12:0 a.m.400 views

Chamilo 1.11.18 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chamilo unauthenticated command injection in PowerPoint upload', 'Description' = %q Chamilo is an e-learning platform, also called Learning...

9.8CVSS7.1AI score0.99192EPSS
Exploits9
0day.today
0day.today
added 2023/08/24 12:0 a.m.459 views

Chamilo 1.11.18 Command Injection Exploit

This Metasploit module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below. Due to a functionality called Chamilo Rapid to easily convert PowerPoint slides to courses on Chamilo, it is possible for an unauthenticated remote attacker t...

9.8CVSS10AI score0.99192EPSS
Exploits9
OpenVAS
OpenVAS
added 2023/08/03 12:0 a.m.29 views

Chamilo LMS 1.11.x < 1.11.20 Multiple Vulnerabilities

Chamilo LMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:chamilo:chamilolms"; if...

9.8CVSS6.9AI score0.99192EPSS
Exploits9References9
GithubExploit
GithubExploit
added 2023/08/01 8:9 a.m.485 views

Exploit for Command Injection in Chamilo

CVE-2023-34960 - Mass unauthenticated command injection Chami...

9.8CVSS9.9AI score0.99192EPSS
Exploits9
Vulnrichment
Vulnrichment
added 2023/08/01 12:0 a.m.21 views

CVE-2023-34960

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...

7.9AI score0.99192EPSS
Exploits9References2
CVE
CVE
added 2023/08/01 12:0 a.m.2617 views

CVE-2023-34960

CVE-2023-34960 affects Chamilo LMS (version 1.11.* up to 1.11.18) with a command-injection vulnerability in the wsConvertPpt component. An unauthenticated SOAP API call using a crafted PowerPoint name can lead to arbitrary OS command execution. Public details indicate a high/critical impact (CVSS...

9.8CVSS9.5AI score0.99192EPSS
In wildExploits9References2Affected Software1
OSV
OSV
added 2023/08/01 12:0 a.m.27 views

CVE-2023-34960

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...

9.8CVSS8.3AI score0.99192EPSS
Exploits9References4
GithubExploit
GithubExploit
added 2023/07/24 8:51 p.m.435 views

Exploit for Command Injection in Chamilo

CVE-2023-34960 Chamilo Command Injection with aut...

9.8CVSS9.9AI score0.99192EPSS
Exploits9
GithubExploit
GithubExploit
added 2023/07/22 5:27 a.m.567 views

Exploit for Command Injection in Chamilo

CVE-2023-34960 - Mass unauthenticated command injection Cham...

9.8CVSS9.9AI score0.99192EPSS
Exploits9
GithubExploit
GithubExploit
added 2023/07/22 5:27 a.m.255 views

Exploit for Command Injection in Chamilo

CVE-2023-34960 - Mass unauthenticated command injection Cham...

9.8CVSS9.9AI score0.99192EPSS
Exploits9
VulnCheck KEV
VulnCheck KEV
added 2023/07/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-34960

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...

9.8CVSS7.7AI score0.99192EPSS
Exploits9References1
Circl
Circl
added 2023/06/09 10:49 a.m.54 views

CVE-2023-34960

creationtimestamp| type| source ---|---|--- 2023-06-09 10:49:23+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4525 2023-06-13 11:01:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8479 2023-06-15 12:42:57+00:00| published-proof-of-concept|...

9.8CVSS8.6AI score0.99192EPSS
In wildExploits9References22
GithubExploit
GithubExploit
added 2023/06/09 10:32 a.m.1446 views

Exploit for Command Injection in Chamilo

CVE-20...

9.8CVSS9.6AI score0.99192EPSS
Exploits9
Rows per page
Query Builder