17 matches found
Chamilo Command Injection
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. id: CVE-2023-34960 info: name: Chamilo Command Injection author: DhiyaneshDK severity: critical...
Command injection
Command injection in /main/webservices/additionalwebservices.php in Chamilo LMS = v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960...
Metasploit Weekly Wrap-Up
PowershellPoint This week’s new features and improvements start with two new exploit modules leveraging CVE-2023-34960 Chamilo versions 1.11.18 and below and CVE-2023-26469 in Jorani 1.0.0. Like CVE-2023-34960, I too, feel attacked by PowerPoint sometimes. We also have several improvements,...
Chamilo unauthenticated command injection in PowerPoint upload
Chamilo is an e-learning platform, also called Learning Management Systems LMS. This module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below CVE-2023-34960. Due to a functionality called Chamilo Rapid to easily convert PowerPoint...
Chamilo 1.11.18 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chamilo unauthenticated command injection in PowerPoint upload', 'Description' = %q Chamilo is an e-learning platform, also called Learning...
Chamilo 1.11.18 Command Injection Exploit
This Metasploit module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below. Due to a functionality called Chamilo Rapid to easily convert PowerPoint slides to courses on Chamilo, it is possible for an unauthenticated remote attacker t...
Chamilo LMS 1.11.x < 1.11.20 Multiple Vulnerabilities
Chamilo LMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:chamilo:chamilolms"; if...
Exploit for Command Injection in Chamilo
CVE-2023-34960 - Mass unauthenticated command injection Chami...
CVE-2023-34960
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...
CVE-2023-34960
CVE-2023-34960 affects Chamilo LMS (version 1.11.* up to 1.11.18) with a command-injection vulnerability in the wsConvertPpt component. An unauthenticated SOAP API call using a crafted PowerPoint name can lead to arbitrary OS command execution. Public details indicate a high/critical impact (CVSS...
CVE-2023-34960
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...
Exploit for Command Injection in Chamilo
CVE-2023-34960 Chamilo Command Injection with aut...
Exploit for Command Injection in Chamilo
CVE-2023-34960 - Mass unauthenticated command injection Cham...
Exploit for Command Injection in Chamilo
CVE-2023-34960 - Mass unauthenticated command injection Cham...
VulnCheck KEV: CVE-2023-34960
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...
CVE-2023-34960
creationtimestamp| type| source ---|---|--- 2023-06-09 10:49:23+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4525 2023-06-13 11:01:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8479 2023-06-15 12:42:57+00:00| published-proof-of-concept|...
Exploit for Command Injection in Chamilo
CVE-20...