Vulnerability feed

Vulnerability

CVE-2023-34960

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-34960
Description:: A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
Last updated date:: 08/24/2023

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 09/18/2024
Reference url to background: https://media.defense.gov/2024/Sep/18/2003547016/-1/-1/1/CSA-PRC-LINKED-ACTORS-BOTNET.PDF

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/09/2023
Reference url to background: https://github.com/Aituglo/CVE-2023-34960

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/18/2023
Reference url to background: https://github.com/MzzdToT/Chamilo__CVE-2023-34960_RCE

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/22/2023
Reference url to background: https://github.com/Pari-Malam/CVE-2023-34960

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/22/2023
Reference url to background: https://github.com/ThatNotEasy/CVE-2023-34960

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/24/2023
Reference url to background: https://github.com/Mantodkaz/CVE-2023-34960

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/23/2023
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/chamilo_unauth_rce_cve_2023_34960.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/13/2024
Reference url to background: https://github.com/dvtarsoul/ChExp

Vulnerability Feed Contributors About Blog

@inTheWild

©2025 |