module
Chamilo unauthenticated command injection in PowerPoint upload
| Disclosed |
|---|
| Jun 1, 2023 |
Disclosed
Jun 1, 2023
Description
Chamilo is an e-learning platform, also called Learning Management Systems (LMS).
This module exploits an unauthenticated remote command execution vulnerability
that affects Chamilo versions `1.11.18` and below (CVE-2023-34960).
Due to a functionality called Chamilo Rapid to easily convert PowerPoint
slides to courses on Chamilo, it is possible for an unauthenticated remote
attacker to execute arbitrary commands at OS level using a malicious SOAP
request at the vulnerable endpoint `/main/webservices/additional_webservices.php`.
This module exploits an unauthenticated remote command execution vulnerability
that affects Chamilo versions `1.11.18` and below (CVE-2023-34960).
Due to a functionality called Chamilo Rapid to easily convert PowerPoint
slides to courses on Chamilo, it is possible for an unauthenticated remote
attacker to execute arbitrary commands at OS level using a malicious SOAP
request at the vulnerable endpoint `/main/webservices/additional_webservices.php`.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.