Zurück zur CVE-Übersicht
CVE-2023-34960
CRITICAL(9.8)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score54/100 — HOCH
- CVSS 9.8 — Kritisch
- EPSS 99% — sehr wahrscheinlich ausgenutzt
EPSS-Score
99%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
9.8
Technische Schwere
Beschreibung
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
Referenzen
- http://packetstormsecurity.com/files/174314/Chamilo-1.11.18-Command-Injection.ht...
- https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-112-2023-04-20...
- http://packetstormsecurity.com/files/174314/Chamilo-1.11.18-Command-Injection.ht...
- https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-112-2023-04-20...