Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
High

CVE-2023-34960

Disclosure Date: August 01, 2023 (last updated October 08, 2023)
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
Attacker Value
Unknown

CVE-2023-3368

Disclosure Date: November 28, 2023 (last updated December 05, 2023)
Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.